Hi Eduard, I’d love to be the release manager of 1.8.2.
Thanks, Manu Eduard Tudenhöfner <etudenhoef...@apache.org>于2025年4月16日 周三02:04写道: > So it sounds like we may want to do 1.8.2 with the updated Parquet version > as that should be very low risk. > Does anyone want to volunteer and be the release manager for 1.8.2? > > On Mon, Apr 14, 2025 at 5:29 PM Ryan Blue <rdb...@gmail.com> wrote: > >> I agree with Fokko. It's a good idea to get a release out soon that has a >> fix for this, but we don't want to make unnecessary releases for things >> that aren't actual vulnerabilities. That's especially true in older >> branches, where we have reasonable guidelines for what goes in them >> already. It's better for people to update to 1.8.x than for us to backport >> an unnecessary fix to 1.7.x along with a significant version bump that we >> would not normally allow. >> >> In addition, I think it's relevant that people can override the Parquet >> dependency in their builds. There should be no urgent need for an Iceberg >> release just to automatically bump the Parquet version in downstream builds. >> >> Ryan >> >> On Mon, Apr 14, 2025 at 2:49 AM Jean-Baptiste Onofré <j...@nanthrax.net> >> wrote: >> >>> Hi Manu, >>> >>> See my comments from few days ago (in the 1.9.x release discussion): >>> https://lists.apache.org/thread/4c4hg85c8qxq4cznp3drnyro88qp0rjr >>> >>> Regards >>> JB >>> >>> On Sat, Apr 12, 2025 at 4:50 PM Manu Zhang <owenzhang1...@gmail.com> >>> wrote: >>> > >>> > Hi all, >>> > >>> > https://nvd.nist.gov/vuln/detail/CVE-2025-30065 (10.0 critical) has >>> been fixed on the main branch for 1.9+ (upgrade parquet to 1.15.1). Shall >>> we fix on 1.8.x, 1.7.x and 1.6.x? >>> > >>> > There's an open issue[1] and PRs for 1.7.x[2] and 1.6.x[3] >>> > >>> > 1. https://github.com/apache/iceberg/issues/12749 >>> > 2. https://github.com/apache/iceberg/pull/12778 >>> > 3. https://github.com/apache/iceberg/pull/12780 >>> > >>> > >>> > Thanks, >>> > Manu >>> >>
