good point Flavio the PR that fixed that problem has been merged only on master branch (4.15.0) https://github.com/apache/bookkeeper/pull/2693
it is a good motivation to roll out a new RC IMHO, the PR is already merged to another branch, it is only a matter of cherry picking Enrico Il giorno mar 17 ago 2021 alle ore 17:53 Flavio Junqueira <f...@apache.org> ha scritto: > It sounds like there are more vulnerabilities that can be addressed with > upgrades: > > https://github.com/apache/bookkeeper/issues/2511 < > https://github.com/apache/bookkeeper/issues/2511> > > Do we want to proceed with 4.14.2 and consider a 4.14.3 that addresses > other vulnerabilities or try to address as many as we are aware of? I'm > asking because I'm already seeing an RC out. > > Thanks, > -Flavio > > > On 17 Aug 2021, at 07:59, Sijie Guo <guosi...@gmail.com> wrote: > > > > +1 > > > > On Thu, Aug 12, 2021 at 11:59 PM Yong Zhang <y...@apache.org> wrote: > >> > >> Hi, > >> > >> We have changed the BouncyCastle at this PR > >> https://github.com/apache/bookkeeper/pull/2631, > >> which introduces an Incompatible issue. Detail: > >> https://github.com/apache/pulsar/issues/10937. > >> > >> This also blocks the user upgrade their charts to pulsar 2.8.0 > >> https://github.com/apache/pulsar-helm-chart/pull/130 > >> > >> We have fixed it by https://github.com/apache/bookkeeper/pull/2740, > >> so I want to start a new release of bookkeeper for unblocking the users. > >> > >> If there are no objections, I'll move forward with the patch release. > >> > >> Thanks, > >> Yong > >
