This is the first release candidate for Apache Pulsar, version 2.6.4. It contains the following changes: https://github.com/apache/pulsar/compare/v2.6.3...v2.6.4-candidate-1
The fix for CVE-2021-22160 [1] made as part of PR #9172 [2] has been cherry-picked to branch-2.6 in commit 67e7e0cd [3]. It is included in this release. *** Please download, test and vote on this release. This vote will stay open for at least 72 hours *** Note that we are voting upon the source (tag), binaries are provided for convenience. Source and binary files: https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.6.4-candidate-1/ SHA-512 checksums: 1a2eaf978d07412668a51fb60d0635a4d5b40d5e9af1a1421100f784902e6a7f02c34dd4d579d58d97fb1b269cc323007943dbf4c3ad4c123a0a262522f6697e apache-pulsar-2.6.4-bin.tar.gz c4f415688655ea531724c2d1e82d13a5a9d3d772830860c37213b5ce5bdb1ec3b79ead65e5b1b84015bfe6cf1fdef80b8555bf96b3b9e28815659a073b255342 apache-pulsar-2.6.4-src.tar.gz Maven staging repo: https://repository.apache.org/content/repositories/orgapachepulsar-1082/ The tag to be voted upon: v2.6.4-candidate-1 (a3f0b88658116ab2223d2e0243b0ee2d33ae8c63) https://github.com/apache/pulsar/releases/tag/v2.6.4-candidate-1 Pulsar's KEYS file containing PGP keys we use to sign the release: https://dist.apache.org/repos/dist/dev/pulsar/KEYS Please download the source package, and follow the README to build and run the Pulsar standalone service. [1] https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cdev.pulsar.apache.org%3E [2] https://github.com/apache/pulsar/pull/9172 [3] https://github.com/apache/pulsar/commit/67e7e0cd
