Hello Zain, Sorry for the late reply.
Thank you for the explanation. I looked into the KIP and I think I agree with you that it could be cherry-picked to old versions as fixes on the jmx-tool. On the other hand, however, I saw that 2.2.1 has already been voting for its first RCs (cc'ed the release manager Vahid to chime in if he thinks this could still be done); AND also 2.3.0 is being cut and is expected to be released in a couple of more weeks as well. So could you wait for a bit longer for 2.3.0 for this fix to get out? Guozhang On Fri, May 10, 2019 at 10:52 PM Zain Malik <zmaliksh...@gmail.com> wrote: > Agree on that Guozhang, that we should be careful with these behavioral > changes > > But I asked as it is defaulting jmx-ssl-enable and jmx-auth-prop to false > and that way maintaining the behavior and any user upgrading to bug-fix > shouldn't see any change regarding JMX unless they enable those flags > explicitly > > This bugfix is really a huge deal from a security/monitoring perspective > > > On 2019/05/11 01:34:53, Guozhang Wang <wangg...@gmail.com> wrote: > > Hello, > > > > For any changes that is KIP-related we usually would not cherry-pick to > old > > bug-fix releases since they usually means API changes, like new configs. > On > > the other hand users upgrading to bug-fix releases are not expecting to > see > > any behavioral or public API changes. > > > > > > Guozhang > > > > > > On Fri, May 10, 2019 at 9:54 AM zmaliksh...@gmail.com < > zmaliksh...@gmail.com> > > wrote: > > > > > Hi, > > > > > > thanks for providing a fix for KIP-417 that enables a secure > connection to > > > RMI port. > > > > > > This is really a good fix from the security point of view and would be > > > nice to backport to the 2.2.1 > > > > > > Is that planned already? > > > > > > > > > -- > > -- Guozhang > > > -- -- Guozhang
