Given the log4j CVE, we should work to release 2.7.4. I started preparing the release today by cherry-picking merged PRs that have the `release/2.7.4` label but have not yet been cherry-picked to `branch-2.7` [0]. There are still 37 PRs that have not been cherry picked. I think it will take too long to cherry pick all of these commits, as many have conflicts, and we should prioritize releasing 2.7.4. The main commits that we should get cherry-picked before creating the git tag are any labeled with `component/security`. There are only a few remaining commits to cherry pick. Please let me know if you think any other commits ought to be cherry-picked.
The earliest I'll be able to build the release is Monday. If we need to start sooner, perhaps someone else will be available to manage this urgent release.

Thanks,
Michael

[0] - https://github.com/apache/pulsar/pulls?page=2&q=label%3Arelease%2F2.7.4+sort%3Acreated-asc+is%3Apr+-label%3Acherry-picked%2Fbranch-2.7
[1] - https://github.com/apache/pulsar/pulls?q=label%3Arelease%2F2.7.4+sort%3Acreated-asc+is%3Apr+-label%3Acherry-picked%2Fbranch-2.7+label%3Acomponent%2Fsecurity

On Thu, Dec 9, 2021 at 4:03 PM Neng Lu <nl...@apache.org> wrote:
>
> +1
>
> On 2021/12/09 15:29:55 Michael Marshall wrote:
> > Hello Pulsar Community,
> >
> > I'd like to propose that we release 2.7.4. We have merged several
> > important fixes since we released 2.7.3 in August.
> >
> > I am happy to volunteer to be the release manager.
> >
> > Here [0] you can find the list of 36 commits cherry-picked to
> > branch-2.7 since 2.7.3 release. It looks like there are more PRs
> > labeled with `release/2.7.4` than commits cherry-picked, so I will
> > need to work on cherry-picking those before we can create the tag for
> > the release [1].
> >
> > Also, I see 3 open PRs labeled with `release/2.7.4`. I'll follow up on
> > each of those PRs to see if they will be completed soon.
> >
> > Thanks,
> > Michael
> >
> > [0] - https://github.com/apache/pulsar/compare/v2.7.3...branch-2.7
> > [1] - https://github.com/apache/pulsar/pulls?q=is%3Aopen+is%3Apr+label%3Arelease%2F2.7.4