Hi Gabor

It sounds reasonable to me.

Let me review #9183.

Thanks !
Regards
JB

On Mon, Dec 4, 2023 at 9:51 AM Gabor Kaszab <gaborkas...@apache.org> wrote:
>
> Hey,
>
> We have recently found a regression in the expireSnapshot functionality. 
> https://github.com/apache/iceberg/pull/9183 Would it make sense to include 
> thisfix as well to the next patch release?
>
> Gabor
>
> On Sun, Dec 3, 2023 at 6:04 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
>>
>> Hi Fokko,
>>
>> I know we have some fixes on the fly. So, let me do a new pass on
>> issues and backports and I will send an update on the mailing list
>> (early next week).
>>
>> Thanks !
>> Regards
>> JB
>>
>> On Sun, Dec 3, 2023 at 1:40 AM Fokko Driesprong <fo...@apache.org> wrote:
>> >
>> > Hey JB,
>> >
>> > I think there is no harm in doing a patch release.
>> >
>> > There was another request to backport an issue, I've created a PR: 
>> > https://github.com/apache/iceberg/pull/8969#issuecomment-1837286383
>> >
>> > Kind regards,
>> > Fokko
>> >
>> > Op wo 22 nov 2023 om 18:50 schreef Jean-Baptiste Onofré 
>> > <j...@nanthrax.net>:
>> >>
>> >> Hi guys
>> >>
>> >> Quick update about that:
>> >> 1. I took a deeper look today about the Avro CVE issue. I don't think
>> >> we are impacted on Iceberg (the CVE is about deserialization of
>> >> corrupted data potentially causing out of memory). The fix
>> >> (https://github.com/apache/avro/commit/a12a7e44d) introduces
>> >> SystemLimitException that uses system properties to define boundaries
>> >> and avoid the OOM (even if the deserialization won't still work :)).
>> >> So, nothing really changes from an Iceberg perspective.
>> >> 2. As discussed during the community meeting today, as (1) doesn't
>> >> really have an impact on Iceberg, there's no urgency to release 1.4.3.
>> >> We agreed to wait new fixes for 1.4.3 release.
>> >>
>> >> I'm still volunteering to cut the 1.4.3 patch release when ready (I
>> >> did all the build checks on my machine :)), and I'm doing a pass on GH
>> >> issues.
>> >>
>> >> Thanks !
>> >> Regards
>> >> JB
>> >>
>> >> On Tue, Nov 21, 2023 at 8:49 PM Jean-Baptiste Onofré <j...@nanthrax.net> 
>> >> wrote:
>> >> >
>> >> > Hi
>> >> >
>> >> > We chatted about the 1.4.3 release with Ed.
>> >> >
>> >> > We have few PRs we want to include and as it’s Thanksgiving this week, 
>> >> > I will submit the release to vote on Tuesday next week.
>> >> >
>> >> > Regards
>> >> > JB
>> >> >
>> >> > Le lun. 20 nov. 2023 à 17:24, Jean-Baptiste Onofré <j...@nanthrax.net> 
>> >> > a écrit :
>> >> >>
>> >> >> Thanks Fokko !
>> >> >>
>> >> >> I'm on the local build check and issue pass. I plan to start the
>> >> >> release tomorrow.
>> >> >>
>> >> >> Regards
>> >> >> JB
>> >> >>
>> >> >> On Mon, Nov 20, 2023 at 8:56 AM Driesprong, Fokko 
>> >> >> <fo...@driesprong.frl> wrote:
>> >> >> >
>> >> >> > I took the liberty and created a 1.4.3 milestone to track any issues 
>> >> >> > that we want to backport.
>> >> >> >
>> >> >> > Kind regards,
>> >> >> > Fokko Driesprong
>> >> >> >
>> >> >> > Op ma 20 nov 2023 om 08:50 schreef Driesprong, Fokko 
>> >> >> > <fo...@driesprong.frl>:
>> >> >> >>
>> >> >> >> Hey JB,
>> >> >> >>
>> >> >> >> Late to the party here, but 1.4.3 sounds like a great idea. Let me 
>> >> >> >> know if you need any help with any release steps.
>> >> >> >>
>> >> >> >> Kind regards,
>> >> >> >> Fokko Driesprong
>> >> >> >>
>> >> >> >> Op ma 20 nov 2023 om 08:16 schreef Jean-Baptiste Onofré 
>> >> >> >> <j...@nanthrax.net>:
>> >> >> >>>
>> >> >> >>> Hi
>> >> >> >>>
>> >> >> >>> As there's no objection, I will move forward and prepare the 
>> >> >> >>> release to vote.
>> >> >> >>>
>> >> >> >>> I will keep you posted asap.
>> >> >> >>>
>> >> >> >>> Thanks,
>> >> >> >>> Regards
>> >> >> >>> JB
>> >> >> >>>
>> >> >> >>> On Wed, Nov 15, 2023 at 6:11 AM Jean-Baptiste Onofré 
>> >> >> >>> <j...@nanthrax.net> wrote:
>> >> >> >>> >
>> >> >> >>> > Hi guys,
>> >> >> >>> >
>> >> >> >>> > Avro 1.11.3 has been released, fixing CVE-2023-39410.
>> >> >> >>> > We already updated to Avro 1.11.3 on main.
>> >> >> >>> >
>> >> >> >>> > About CVE, we also already use guava 32.1.3, fixing 
>> >> >> >>> > CVE-2023-2976.
>> >> >> >>> >
>> >> >> >>> > As the Avro CVE is classified high (see
>> >> >> >>> > https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I propose to 
>> >> >> >>> > bump to
>> >> >> >>> > Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 
>> >> >> >>> > including
>> >> >> >>> > this.
>> >> >> >>> >
>> >> >> >>> > Thoughts ?
>> >> >> >>> >
>> >> >> >>> > If there are no objections, I'm volunteer to drive this release.
>> >> >> >>> >
>> >> >> >>> > Thanks,
>> >> >> >>> > Regards
>> >> >> >>> > JB

Reply via email to