I (Steven Lu) have already started preparing 4.17.2 releases.
https://github.com/apache/bookkeeper/pull/4622
Thanks

On Fri, Jun 20, 2025 at 8:17 PM Lari Hotari <lhot...@apache.org> wrote:

> It looks like Steven Lu has already started preparing 4.17.2 and 4.16.7
> releases.
> https://github.com/apache/bookkeeper/pull/4621
> https://github.com/apache/bookkeeper/pull/4622
>
> -Lari
>
> On 2025/04/01 04:30:26 Yong Zhang wrote:
> > Hi Lari,
> >
> > When I wanted to release a new version I noticed this, and it looks like
> > 4.17.2 hasn't started yet. Will you continue to release it?
> >
> > On Tue, 15 Oct 2024 at 14:28, Enrico Olivelli <eolive...@gmail.com> wrote:
> >
> > > +1
> > >
> > > Enrico
> > >
> > > On Tue, 15 Oct 2024 at 05:34, Wenbing Shen <shenwenb...@apache.org> wrote:
> > >
> > > > +1
> > > >
> > > > Best,
> > > > Wenbing
> > > >
> > > > On Mon, Oct 14, 2024 at 17:27, Aloys Zhang <aloyszh...@apache.org> wrote:
> > > >
> > > > > +1
> > > > >
> > > > > On Sun, Sep 29, 2024 at 15:28, ZhangJian He <shoot...@gmail.com> wrote:
> > > > >
> > > > > > +1(binding)
> > > > > >
> > > > > > Thanks
> > > > > > ZhangJian He
> > > > > >
> > > > > > On Sun, Sep 29, 2024 at 3:21 PM Hang Chen <chenh...@apache.org> wrote:
> > > > > > >
> > > > > > > +1
> > > > > > >
> > > > > > > Best,
> > > > > > > Hang
> > > > > > >
> > > > > > > On Wed, Sep 25, 2024 at 05:48, Lari Hotari <lhot...@apache.org> wrote:
> > > > > > > >
> > > > > > > > Hi all,
> > > > > > > >
> > > > > > > > BookKeeper 4.17.1 was released on June 26th, about 3 months ago,
> > > > > > > > and I would like to discuss starting the 4.17.2 release to
> > > > > > > > include some critical security and bug fixes.
> > > > > > > >
> > > > > > > > The main reason for driving this release is the need to have a
> > > > > > > > new release for Pulsar 4.0 with a fix for Protobuf CVE-2024-7254.
> > > > > > > > That CVE is categorized as high (8.7/10). It's a potential
> > > > > > > > denial-of-service issue that doesn't pose a practical additional
> > > > > > > > risk for BookKeeper or Pulsar users. Since it's in the high
> > > > > > > > category, we must address it before the release.
> > > > > > > >
> > > > > > > > It's necessary to upgrade protobuf-java to 3.25.5 and include a
> > > > > > > > compatible grpc-java version as well. I'd suggest that we pick
> > > > > > > > the most recent stable version of grpc-java that is compatible
> > > > > > > > with protobuf-java 3.25.5. I'll take a closer look at addressing
> > > > > > > > this in the upcoming days.
> > > > > > > > The PR to upgrade to protobuf-java 3.25.5 in the master branch is
> > > > > > > > https://github.com/apache/bookkeeper/pull/4508.
> > > > > > > >
> > > > > > > > Regarding Pulsar 4.0, there's a Pulsar dev mailing list
> > > > > > > > discussion with the updated Pulsar 4.0 timeline at
> > > > > > > > https://lists.apache.org/thread/qy8xp2ht0htvctlx2cwgrq2ppnjcp4m3 .
> > > > > > > > It also contains a description of the protobuf-java & grpc-java
> > > > > > > > coupling between Pulsar and BookKeeper. Previous experiences have
> > > > > > > > taught us that the way to prevent regressions is to first upgrade
> > > > > > > > protobuf-java and grpc-java in BookKeeper and only after that in
> > > > > > > > Pulsar. There are some additional details about the challenges in
> > > > > > > > decoupling this in a thread
> > > > > > > > https://lists.apache.org/thread/odg7p617zwqjngq6fk6qf8xfzbfwgfgq .
> > > > > > > > However, this decoupling work is not feasible with this timeline
> > > > > > > > and we'll proceed with the previous procedure.
> > > > > > > >
> > > > > > > > Here are the current PRs for 4.17.2:
> > > > > > > >
> > > > > > > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+label%3Arelease%2F4.17.2+is%3Amerged
> > > > > > > >
> > > > > > > > If you have other PRs that you want to be included in this
> > > > > > > > release, please tag the PR with "release/4.17.2" and reply to
> > > > > > > > this thread.
> > > > > > > >
> > > > > > > > I'd like to volunteer as the release manager for this release. I
> > > > > > > > haven't performed this role in the BookKeeper project before, so
> > > > > > > > I hope there's someone who could assist me when I need help.
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > -Lari
> > > > > >
> > > > >
> > > >
> > >
> >
>
