I saw there has some other security PRs, should we include that in this
release?

https://github.com/apache/bookkeeper/pulls?q=is%3Apr+SECURITY+is%3Aclosed+milestone%3A4.15.0

Yong

On Wed, 18 Aug 2021 at 00:01, Enrico Olivelli <eolive...@gmail.com> wrote:

> good point Flavio
> the PR that fixed that problem has been merged only on master branch
> (4.15.0)
> https://github.com/apache/bookkeeper/pull/2693
>
> it is a good motivation to roll out a new RC IMHO,
> the PR is already merged to another branch, it is only a matter of cherry
> picking
>
> Enrico
>
> Il giorno mar 17 ago 2021 alle ore 17:53 Flavio Junqueira <f...@apache.org>
> ha scritto:
>
> > It sounds like there are more vulnerabilities that can be addressed with
> > upgrades:
> >
> > https://github.com/apache/bookkeeper/issues/2511 <
> > https://github.com/apache/bookkeeper/issues/2511>
> >
> > Do we want to proceed with 4.14.2 and consider a 4.14.3 that addresses
> > other vulnerabilities or try to address as many as we are aware of? I'm
> > asking because I'm already seeing an RC out.
> >
> > Thanks,
> > -Flavio
> >
> > > On 17 Aug 2021, at 07:59, Sijie Guo <guosi...@gmail.com> wrote:
> > >
> > > +1
> > >
> > > On Thu, Aug 12, 2021 at 11:59 PM Yong Zhang <y...@apache.org> wrote:
> > >>
> > >> Hi,
> > >>
> > >> We have changed the BouncyCastle at this PR
> > >> https://github.com/apache/bookkeeper/pull/2631,
> > >> which introduces an Incompatible issue. Detail:
> > >> https://github.com/apache/pulsar/issues/10937.
> > >>
> > >> This also blocks the user upgrade their charts to pulsar 2.8.0
> > >> https://github.com/apache/pulsar-helm-chart/pull/130
> > >>
> > >> We have fixed it by https://github.com/apache/bookkeeper/pull/2740,
> > >> so I want to start a new release of bookkeeper for unblocking the
> users.
> > >>
> > >> If there are no objections, I'll move forward with the patch release.
> > >>
> > >> Thanks,
> > >> Yong
> >
> >
>

Reply via email to