Hi Gabor It sounds reasonable to me.
Let me review #9183. Thanks ! Regards JB On Mon, Dec 4, 2023 at 9:51 AM Gabor Kaszab <gaborkas...@apache.org> wrote: > > Hey, > > We have recently found a regression in the expireSnapshot functionality. > https://github.com/apache/iceberg/pull/9183 Would it make sense to include > thisfix as well to the next patch release? > > Gabor > > On Sun, Dec 3, 2023 at 6:04 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: >> >> Hi Fokko, >> >> I know we have some fixes on the fly. So, let me do a new pass on >> issues and backports and I will send an update on the mailing list >> (early next week). >> >> Thanks ! >> Regards >> JB >> >> On Sun, Dec 3, 2023 at 1:40 AM Fokko Driesprong <fo...@apache.org> wrote: >> > >> > Hey JB, >> > >> > I think there is no harm in doing a patch release. >> > >> > There was another request to backport an issue, I've created a PR: >> > https://github.com/apache/iceberg/pull/8969#issuecomment-1837286383 >> > >> > Kind regards, >> > Fokko >> > >> > Op wo 22 nov 2023 om 18:50 schreef Jean-Baptiste Onofré >> > <j...@nanthrax.net>: >> >> >> >> Hi guys >> >> >> >> Quick update about that: >> >> 1. I took a deeper look today about the Avro CVE issue. I don't think >> >> we are impacted on Iceberg (the CVE is about deserialization of >> >> corrupted data potentially causing out of memory). The fix >> >> (https://github.com/apache/avro/commit/a12a7e44d) introduces >> >> SystemLimitException that uses system properties to define boundaries >> >> and avoid the OOM (even if the deserialization won't still work :)). >> >> So, nothing really changes from an Iceberg perspective. >> >> 2. As discussed during the community meeting today, as (1) doesn't >> >> really have an impact on Iceberg, there's no urgency to release 1.4.3. >> >> We agreed to wait new fixes for 1.4.3 release. >> >> >> >> I'm still volunteering to cut the 1.4.3 patch release when ready (I >> >> did all the build checks on my machine :)), and I'm doing a pass on GH >> >> issues. >> >> >> >> Thanks ! >> >> Regards >> >> JB >> >> >> >> On Tue, Nov 21, 2023 at 8:49 PM Jean-Baptiste Onofré <j...@nanthrax.net> >> >> wrote: >> >> > >> >> > Hi >> >> > >> >> > We chatted about the 1.4.3 release with Ed. >> >> > >> >> > We have few PRs we want to include and as it’s Thanksgiving this week, >> >> > I will submit the release to vote on Tuesday next week. >> >> > >> >> > Regards >> >> > JB >> >> > >> >> > Le lun. 20 nov. 2023 à 17:24, Jean-Baptiste Onofré <j...@nanthrax.net> >> >> > a écrit : >> >> >> >> >> >> Thanks Fokko ! >> >> >> >> >> >> I'm on the local build check and issue pass. I plan to start the >> >> >> release tomorrow. >> >> >> >> >> >> Regards >> >> >> JB >> >> >> >> >> >> On Mon, Nov 20, 2023 at 8:56 AM Driesprong, Fokko >> >> >> <fo...@driesprong.frl> wrote: >> >> >> > >> >> >> > I took the liberty and created a 1.4.3 milestone to track any issues >> >> >> > that we want to backport. >> >> >> > >> >> >> > Kind regards, >> >> >> > Fokko Driesprong >> >> >> > >> >> >> > Op ma 20 nov 2023 om 08:50 schreef Driesprong, Fokko >> >> >> > <fo...@driesprong.frl>: >> >> >> >> >> >> >> >> Hey JB, >> >> >> >> >> >> >> >> Late to the party here, but 1.4.3 sounds like a great idea. Let me >> >> >> >> know if you need any help with any release steps. >> >> >> >> >> >> >> >> Kind regards, >> >> >> >> Fokko Driesprong >> >> >> >> >> >> >> >> Op ma 20 nov 2023 om 08:16 schreef Jean-Baptiste Onofré >> >> >> >> <j...@nanthrax.net>: >> >> >> >>> >> >> >> >>> Hi >> >> >> >>> >> >> >> >>> As there's no objection, I will move forward and prepare the >> >> >> >>> release to vote. >> >> >> >>> >> >> >> >>> I will keep you posted asap. >> >> >> >>> >> >> >> >>> Thanks, >> >> >> >>> Regards >> >> >> >>> JB >> >> >> >>> >> >> >> >>> On Wed, Nov 15, 2023 at 6:11 AM Jean-Baptiste Onofré >> >> >> >>> <j...@nanthrax.net> wrote: >> >> >> >>> > >> >> >> >>> > Hi guys, >> >> >> >>> > >> >> >> >>> > Avro 1.11.3 has been released, fixing CVE-2023-39410. >> >> >> >>> > We already updated to Avro 1.11.3 on main. >> >> >> >>> > >> >> >> >>> > About CVE, we also already use guava 32.1.3, fixing >> >> >> >>> > CVE-2023-2976. >> >> >> >>> > >> >> >> >>> > As the Avro CVE is classified high (see >> >> >> >>> > https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I propose to >> >> >> >>> > bump to >> >> >> >>> > Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 >> >> >> >>> > including >> >> >> >>> > this. >> >> >> >>> > >> >> >> >>> > Thoughts ? >> >> >> >>> > >> >> >> >>> > If there are no objections, I'm volunteer to drive this release. >> >> >> >>> > >> >> >> >>> > Thanks, >> >> >> >>> > Regards >> >> >> >>> > JB
