I think it can be argued that this is a pretty serious bug for a newly introduced feature, and qualifies for inclusion in an RC, but I don’t personally have a strong opinion on if this should happen.
I can’t imagine how this would be an _exception_ for inclusion in 4.0.1 though. From: Mick Semb Wever <m...@apache.org> Date: Thursday, 3 June 2021 at 22:45 To: dev@cassandra.apache.org <dev@cassandra.apache.org> Subject: Re: Obfuscation of passwords in audit loging, in or not in 4.0? Thanks for raising this Stefan. > While I humbly think this is 4.0-worthy, the process we have, as far > as I know, is that there should be only critical fixes in 4.0 so I > guess this will go to 4.0.1, right? Or does this qualify to go to 4.0 > still? > I believe the question here is whether this patch is worthy of an exception to go to 4.0.x. (i.e. 4.0.1) At this point in time all improvements would be by default slated for 4.x (i.e. 4.1) It does not qualify as a RC critical bug for 4.0.0. Looking at the patch it is simple, and one could almost consider it a security fix on a new 4.0 feature, so I'd say it's a valid exception for 4.0.x. Keen to hear what others think. And how we should go about requesting such exceptions for non-bugs during each annual release cycle.
