It sounds like there are more vulnerabilities that can be addressed with upgrades:
https://github.com/apache/bookkeeper/issues/2511 <https://github.com/apache/bookkeeper/issues/2511> Do we want to proceed with 4.14.2 and consider a 4.14.3 that addresses other vulnerabilities or try to address as many as we are aware of? I'm asking because I'm already seeing an RC out. Thanks, -Flavio > On 17 Aug 2021, at 07:59, Sijie Guo <guosi...@gmail.com> wrote: > > +1 > > On Thu, Aug 12, 2021 at 11:59 PM Yong Zhang <y...@apache.org> wrote: >> >> Hi, >> >> We have changed the BouncyCastle at this PR >> https://github.com/apache/bookkeeper/pull/2631, >> which introduces an Incompatible issue. Detail: >> https://github.com/apache/pulsar/issues/10937. >> >> This also blocks the user upgrade their charts to pulsar 2.8.0 >> https://github.com/apache/pulsar-helm-chart/pull/130 >> >> We have fixed it by https://github.com/apache/bookkeeper/pull/2740, >> so I want to start a new release of bookkeeper for unblocking the users. >> >> If there are no objections, I'll move forward with the patch release. >> >> Thanks, >> Yong
