Hi Mickael, The Docker Image CVE scan report can be found in the Docker Build Test Pipeline[0] shared(in the initial vote email). I see there are no High or Critical CVEs.
[0]: https://github.com/apache/kafka/actions/runs/9572915509 Regards, Krishna On Wed, Jun 19, 2024 at 8:14 PM Mickael Maison <mickael.mai...@gmail.com> wrote: > Hi Igor, > > I did the following: > - Checked signatures and checksums > - Ran the quickstart with the 2.13 binaries and the Docker image > - Built and run the tests from source > - Quickly browsed the javadoc > > It all looks good, but before voting, could you run the Docker Image > CVE Scanner GitHub action [0] on the new image to check it's CVE free? > It looks like we don't have this action in the 3.7 branch so it'll > probably involve some manual steps. > > 0: https://github.com/apache/kafka/actions/workflows/docker_scan.yml > > Thanks, > Mickael > > > Mickael > > On Wed, Jun 19, 2024 at 10:55 AM Igor Soarez <soa...@apache.org> wrote: > > > > Hello Kafka users, developers and client-developers, > > > > This is the second candidate for release of Apache Kafka 3.7.1. > > > > This is a bugfix release with several fixes. > > > > Release notes for the 3.7.1 release: > > https://home.apache.org/~soarez/kafka-3.7.1-rc2/RELEASE_NOTES.html > > > > *** Please download, test and vote by Friday June 28, 11am UTC. > > > > Kafka's KEYS file containing PGP keys we use to sign the release: > > https://kafka.apache.org/KEYS > > > > * Release artifacts to be voted upon (source and binary): > > https://home.apache.org/~soarez/kafka-3.7.1-rc2/ > > > > * Docker release artifact to be voted upon: > > apache/kafka:3.7.1-rc2 > > > > * Maven artifacts to be voted upon: > > https://repository.apache.org/content/groups/staging/org/apache/kafka/ > > > > * Javadoc: > > https://home.apache.org/~soarez/kafka-3.7.1-rc2/javadoc/ > > > > * Tag to be voted upon (off 3.7 branch) is the 3.7.1 tag: > > https://github.com/apache/kafka/releases/tag/3.7.1-rc2 > > > > * Documentation: > > https://kafka.apache.org/37/documentation.html > > > > * Protocol: > > https://kafka.apache.org/37/protocol.html > > > > * Successful Jenkins builds for the 3.7 branch: > > Unit/integration tests: > https://ci-builds.apache.org/job/Kafka/job/kafka/job/3.7/184/ > > The latest test run includes some flaky tests, all of which were > confirmed to pass locally. > > > > System tests: > > I don't have access to the Jenkins instance used for system tests in > > https://jenkins.confluent.io/job/system-test-kafka/job/3.7 > > Luke has kindly shared results in the previous RC (thank you Luke!), > > and all issues have been addressed. > > If anyone with access is able to confirm the latest test results, please > > reply with details. > > > > * Successful Docker Image Github Actions Pipeline for 3.7 branch: > > Docker Build Test Pipeline: > https://github.com/apache/kafka/actions/runs/9572915509 > > > > /************************************** > > > > Thanks, > > > > -- > > Igor Soarez >
