Dear Pulsar community members, I'd like to propose cutting a 2.6.4 release so that we can address CVE-2021-22160 [1] also in 2.6.x. The fix for CVE-2021-22160 is included in 2.7.1 .
Here [2] you can find the list of commits cherry-picked to branch-2.6 since 2.6.3 release. I would like to volunteer as a release manager for 2.6.4 unless someone else is already planning to take care of this release. BR, Lari [1] https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cdev.pulsar.apache.org%3E [2] https://github.com/apache/pulsar/compare/v2.6.3...branch-2.6
