hi Colin

> Yes, let’s take the jetty CVE fix for 3.9.0.

done ( https://github.com/apache/kafka/commit/de9a7199dfbcfbc63334772f7b4556826fbdf4ce )

Colin McCabe <cmcc...@apache.org> wrote on Mon, Oct 21, 2024 at 2:37 AM:

> Hi Chia-Ping Tsai,
>
> Yes, let’s take the jetty CVE fix for 3.9.0.
>
> Best,
> Colin
>
>
> On Wed, Oct 16, 2024, at 08:51, Chia-Ping Tsai wrote:
> > hi Colin
> >
> > Do you think KAFKA-17810 is a blocker for 3.9.0 since it's related to a
> > CVE? The PR (https://github.com/apache/kafka/pull/17517) will upgrade
> > Jetty to 9.4.56.v20240826 to fix one of the CVEs, and we can backport
> > it to 3.9 if you're okay with rolling RC3
> >
> > Best,
> > Chia-Ping
> >
> >
> > On 2024/10/10 21:14:55 Colin McCabe wrote:
> >> This is the second candidate for the release of Apache Kafka 3.9.0. I have titled it rc2 since I had an rc1 which got very far, even to the point of pushing tags and docker images, before I spotted an issue. So rather than mutate the tags, I decided to skip over rc1.
> >>
> >> - This is a major release, the final one in the 3.x line. (There may of course be other minor releases in this line, such as 3.9.1.)
> >> - Tiered storage will be considered production-ready in this release.
> >> - This will be the final major release to feature the deprecated ZooKeeper mode.
> >>
> >> This release includes the following KIPs:
> >> - KIP-853: Support dynamically changing KRaft controller membership
> >> - KIP-1057: Add remote log metadata flag to the dump log tool
> >> - KIP-1049: Add config log.summary.interval.ms to Kafka Streams
> >> - KIP-1040: Improve handling of nullable values in InsertField, ExtractField, and other transformations
> >> - KIP-1031: Control offset translation in MirrorSourceConnector
> >> - KIP-1033: Add Kafka Streams exception handler for exceptions occurring during processing
> >> - KIP-1017: Health check endpoint for Kafka Connect
> >> - KIP-1025: Optionally URL-encode clientID and clientSecret in authorization header
> >> - KIP-1005: Expose EarliestLocalOffset and TieredOffset
> >> - KIP-950: Tiered Storage Disablement
> >> - KIP-956: Tiered Storage Quotas
> >>
> >> Release notes for the 3.9.0 release:
> >> https://dist.apache.org/repos/dist/dev/kafka/3.9.0-rc2/RELEASE_NOTES.html
> >>
> >> *** Please download, test and vote by October 16, 2024.
> >>
> >> Kafka's KEYS file containing PGP keys we use to sign the release:
> >> https://kafka.apache.org/KEYS
> >>
> >> * Release artifacts to be voted upon (source and binary):
> >> https://dist.apache.org/repos/dist/dev/kafka/3.9.0-rc2/
> >>
> >> * Docker release artifacts to be voted upon:
> >> apache/kafka:3.9.0-rc2
> >> apache/kafka-native:3.9.0-rc2
> >>
> >> * Maven artifacts to be voted upon:
> >> https://repository.apache.org/content/groups/staging/org/apache/kafka/
> >>
> >> * Javadoc:
> >> https://dist.apache.org/repos/dist/dev/kafka/3.9.0-rc2/javadoc/
> >>
> >> * Documentation:
> >> https://kafka.apache.org/39/documentation.html
> >>
> >> * Protocol:
> >> https://kafka.apache.org/39/protocol.html
> >>
> >> * Tag to be voted upon (off 3.9 branch) is the 3.9.0-rc2 tag:
> >> https://github.com/apache/kafka/releases/tag/3.9.0-rc2
> >>
> >> * Successful Docker Image Github Actions Pipeline for 3.9 branch:
> >> Docker Build Test Pipeline (JVM): https://github.com/apache/kafka/actions/runs/11281563007
> >> Docker Build Test Pipeline (Native): https://github.com/apache/kafka/actions/runs/11281608809
> >>
> >> Thanks to everyone who helped with this release candidate, either by contributing code, testing, or documentation.
> >>
> >> Regards,
> >> Colin