Yong, did you run the license check after cherry picking? Enrico
Il giorno mer 18 ago 2021 alle ore 02:57 Yong Zhang < zhangyong1025...@gmail.com> ha scritto: > I have cherry-picked them[1] into the branch-4.14. Will roll out a new RC. > > [1] > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+label%3Arelease%2F4.14.2+is%3Aclosed > > Yong > > On Wed, 18 Aug 2021 at 08:44, Yong Zhang <zhangyong1025...@gmail.com> > wrote: > > > I saw there has some other security PRs, should we include that in this > > release? > > > > > > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+SECURITY+is%3Aclosed+milestone%3A4.15.0 > > > > Yong > > > > On Wed, 18 Aug 2021 at 00:01, Enrico Olivelli <eolive...@gmail.com> > wrote: > > > >> good point Flavio > >> the PR that fixed that problem has been merged only on master branch > >> (4.15.0) > >> https://github.com/apache/bookkeeper/pull/2693 > >> > >> it is a good motivation to roll out a new RC IMHO, > >> the PR is already merged to another branch, it is only a matter of > cherry > >> picking > >> > >> Enrico > >> > >> Il giorno mar 17 ago 2021 alle ore 17:53 Flavio Junqueira < > f...@apache.org > >> > > >> ha scritto: > >> > >> > It sounds like there are more vulnerabilities that can be addressed > with > >> > upgrades: > >> > > >> > https://github.com/apache/bookkeeper/issues/2511 < > >> > https://github.com/apache/bookkeeper/issues/2511> > >> > > >> > Do we want to proceed with 4.14.2 and consider a 4.14.3 that addresses > >> > other vulnerabilities or try to address as many as we are aware of? > I'm > >> > asking because I'm already seeing an RC out. > >> > > >> > Thanks, > >> > -Flavio > >> > > >> > > On 17 Aug 2021, at 07:59, Sijie Guo <guosi...@gmail.com> wrote: > >> > > > >> > > +1 > >> > > > >> > > On Thu, Aug 12, 2021 at 11:59 PM Yong Zhang <y...@apache.org> > wrote: > >> > >> > >> > >> Hi, > >> > >> > >> > >> We have changed the BouncyCastle at this PR > >> > >> https://github.com/apache/bookkeeper/pull/2631, > >> > >> which introduces an Incompatible issue. Detail: > >> > >> https://github.com/apache/pulsar/issues/10937. > >> > >> > >> > >> This also blocks the user upgrade their charts to pulsar 2.8.0 > >> > >> https://github.com/apache/pulsar-helm-chart/pull/130 > >> > >> > >> > >> We have fixed it by https://github.com/apache/bookkeeper/pull/2740 > , > >> > >> so I want to start a new release of bookkeeper for unblocking the > >> users. > >> > >> > >> > >> If there are no objections, I'll move forward with the patch > release. > >> > >> > >> > >> Thanks, > >> > >> Yong > >> > > >> > > >> > > >
