First off, congratulations to Anthony Grasso, Erick Ramirez, and Lorina Poland on being raised to committers on the project! Not only is it great to see your hard work recognized, it's also a big milestone for the project as we branch out from only having core database code contributors as committers and start recognizing and elevating other parts of our ecosystem. Congrats!
[New contributors] Welcome to the Cassandra community! We have a couple places that tend to be good starting points for new contribution: 1) Test failures. We have a kanban board filtered out to just show test failures; here's a link to that showing only unassigned tickets: https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=496&quickFilter=2252 2) Low hanging fruit, or "starter tickets" on our 4.0.x and 4.1.x release kanban board. These are tickets we've determined would make a good launching off point for someone new to the codebase: https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=484&quickFilter=2162&quickFilter=2160 Join us on https://the-asf.slack.com in #cassandra-dev; the @cassandra_mentors alias is setup to ping those of us who have volunteered to help newcomers to the project. [Dev mailing list conversations] https://lists.apache.org/list?dev@cassandra.apache.org:lte=2w: It's been a busy two weeks. We released new versions of all supported versions of Cassandra to address CVE-2021-44521: https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356. The long and the short of it: if you're running Cassandra in the following non-default configuration: * enable_user_defined_functions: true * enable_scripted_user_defined_functions: true * enable_user_defined_functions_threads: false It's possible for an attacker to execute arbitrary code on the host. The attacker also needs permission to create user defined functions as well along with this configuration arrangement. We've discussed our hotfix release procedure a bit after this release here: https://lists.apache.org/thread/dk7svwpl1bbncsbkwbf35zbqmsoxjdk2. Where this discussion appears to be headed: future hotfixes will be based on a branch off the previous released tag so the diff on any given hotfix only includes the changes for that hotfix and nothing else. Probably going to be a lazy consensus wiki update w/notification to that thread this week. Discussion closed on Storage Attached Indexes and it moved on to a vote: https://lists.apache.org/thread/6h64dry8rkfg0p17oc4pl0ho4vnxgw13 Looking positive so far! The vote is also ongoing for Trie Memtable inclusion: https://lists.apache.org/thread/xcz8dt9bgodono949n79951gyt1sxt31, and is looking positive. Chris Thornett opened up the topic on the Apache Cassandra content process on the wiki for discussion: https://lists.apache.org/thread/7925q7qsrkch654wrq789rpvo4s0xrj5 Please take a look and chime in if you have some experience or interest in this area. Here's a link to the post on the confluence wiki: https://cwiki.apache.org/confluence/display/CASSANDRA/%28draft%29+Apache+Cassandra+blog+content+process Alex and other contributors merged in support for property based fuzz testing and let the project know here: https://lists.apache.org/thread/t51wnf58wj7wc73krtrfkvn58fnbh3g2. This approach has already surfaced a number of bugs in complex systems with subtle temporal relationships, so it's great to see that getting merged into the project. The topic has come up again that rewriting some of our existing old tests to use this new framework would be of great benefit to the project in the long run. After beating my head against dtests personally for a week or two, I can attest that the allure of rewriting is strong but it's also a pretty big climb. Caleb continues to push the config boulder up the metaphorical hill: https://lists.apache.org/thread/tk9rl0qw9byydbyfr25wx6chs05nm7to. For those not familiar, we've been discussing how to restructure our config .yaml in a manner that's more discoverable and maintainable for operators. This has pretty big ramifications to people out there in the wild administering many large C* clusters, so if you're one of those people please take a few minutes to ramp up on the topic and get involved in the discussion. And more. Check the link up top of this section; we had 28 different threads active in the last two weeks which is the high water mark as far as I can recall. Exciting times! [Development velocity] https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=484&quickFilter=2175 On the 4.0.x line, we're down from 6 closes in the last 2 weeks to 4 this past period. CVE, some perf on node restart, LCS disk space checking. Remains slow which is a good sign and a testament to how much verification work went into 4.0 by the community. Up from 14 issues closed out to 19 issues on 4.1. Some highlights: merging of the fuzz testing framework in CASSANDRA-16262, a collection of test fixes (looking better!), the removal of nose support from dtests in CASSANDRA-17293 (long time coming, that), limiting max size of hints per host in CASSANDRA-17142, and a variety of other changes and fixes. Good velocity on this branch. [CI status] Things are looking a lot better on the CI side; there's a decent chance this is related not only to the extensive effort going into this situation but also due to smoothing out some speed bumps with the ASF Jenkins test running infra. A snapshot of where we are per branch on failures today: * 3.0: 16, trending down * 3.11: 22, trending down * 4.0: 9, recently trending up * trunk: 6, trending down All great signs and definitely moving in the direction we want! And that's it for now; you can expect to see some CI Result comments showing up as we roll out the Jenkins <-> JIRA integration to tie ASF CI results to our JIRA tickets within the next few days, which should hopefully make it easier for us to keep the test failure count down moving forward. Thanks as always everyone; see you on slack. ~Josh
