+1 (binding) - built from sources, JDK8 in MacOS - run pulsar standalone, smoke tests - verified checksum and digital signatures - I took a look to the Maven staging repository (verified that "integration tests jars" are present)
Thanks for driving the release Enrico Il giorno mar 21 dic 2021 alle ore 11:54 Enrico Olivelli < eolive...@gmail.com> ha scritto: > > > Il giorno mar 21 dic 2021 alle ore 11:49 Shivji Kumar Jha < > shiv4...@gmail.com> ha scritto: > >> Hi LinLin, >> >> Log4j version 2.16.0 has DDoS possibilities in some cases [1] . Can we >> move >> to Log4j 2.17.0 in 2.8.2? >> > > is it included > https://github.com/apache/pulsar/tree/v2.8.2-candidate-2 > > Enrico > > >> >> Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did >> not >> > protect from uncontrolled recursion from self-referential lookups. This >> > allows an attacker with control over Thread Context Map data to cause a >> > denial of service when a crafted string is interpreted. This issue was >> > fixed in Log4j 2.17.0 and 2.12.3. >> >> >> >> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 >> >> Regards, >> Shivji Kumar Jha >> http://www.shivjijha.com/ >> +91 8884075512 >> >> >> On Tue, 21 Dec 2021 at 14:42, Masahiro Sakamoto <massa...@yahoo-corp.jp> >> wrote: >> >> > +1 (binding) >> > >> > - Checked checksums and signatures >> > - Checked license headers using Apache Rat >> > - Compiled the source >> > - Ran the standalone server >> > - Confirmed that producer and consumer work properly >> > - Validated functions, connectors, and stateful functions >> > >> > Regards, >> > >> > Masahiro Sakamoto >> > Yahoo Japan Corp. >> > E-mail: massa...@yahoo-corp.jp >> > >> > -----Original Message----- >> > From: Hiroyuki Sakai <hsa...@yahoo-corp.jp> >> > Sent: Tuesday, December 21, 2021 1:07 PM >> > To: dev@pulsar.apache.org >> > Subject: Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 >> > >> > +1 (binding) >> > >> > - check signatures/checksums >> > - Built sources >> > - Validate Pub/Sub and Java Functions >> > - Validate Connectors >> > - Validate Stateful Functions >> > >> > Regards, >> > Hiroyuki >> > >> > >> > ________________________________ >> > From: linlin <lin...@apache.org> >> > Sent: Monday, December 20, 2021 20:18 >> > To: dev@pulsar.apache.org <dev@pulsar.apache.org> >> > Subject: [VOTE] Apache Pulsar 2.8.2 candidate 2 >> > >> > This is the second release candidate for Apache Pulsar, version 2.8.2 >> > >> > It fixes the following issues: >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fissues%3Fq%3Dlabel%253Acherry-picked%252Fbranch-2.8%2Blabel%253Arelease%252F2.8.2%2Bis%253Aclosed&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qYRCQ3Fohdy%2B6U2trDKNTO0w406ATKPZ6cPZExBQTJ4%3D&reserved=0 >> > >> > *** Please download, test and vote on this release. This vote will stay >> > open >> > for at least 72 hours *** >> > >> > Note that we are voting upon the source (tag), binaries are provided for >> > convenience. >> > Source and binary files: >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2Fpulsar-2.8.2-candidate-2%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=TfezF%2BDzswX5xpbXNM1GXzW8Msqj1GkjGt4ULF6xKZA%3D&reserved=0 >> > >> > SHA-512 checksums: >> > >> > >> 59aa0a14188a766ce802ba30cbaa2584a1904d26d8f41f164d3f97ea1970aa1391e11755d8077c96aeb136d2b9d73bf8b768978de7fa7f71d69cb57e2c1fce8c >> > apache-pulsar-2.8.2-bin.tar.gz >> > >> > >> > >> 82a1423fda4004297ca2867279077ed261c7149be96deca2c127ba5b91af08fec80dc4a8b15ee2ba8704e209efa577a0c7b4cfb78341d3a43a38bf476c894c5c >> > apache-pulsar-2.8.2-src.tar.gz >> > >> > Maven staging repo: >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Forgapachepulsar-1129%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4TVSZI76N8xalmLLwJyvtUJkkpNC7T0s2Taj%2Fc5CKgg%3D&reserved=0 >> > >> > The tag to be voted upon: >> > v2.8.2-candidate-2 (4b9cadcd57e41bc8eb95cc9b9917f938365b1cca) >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Freleases%2Ftag%2Fv2.8.2-candidate-2&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Ba6OsrGNvcCsuYFgPp%2Btg49yRHK%2FVBmWumN7haK%2Birw%3D&reserved=0 >> > >> > Pulsar's KEYS file containing PGP keys we use to sign the release: >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2FKEYS&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=EyKfkM0wHvCOASccnZw4QN6yjtSp8lzDrKAO%2FnB3IXk%3D&reserved=0 >> > >> > Release notes draft: >> > >> > >> https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fpull%2F13400&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=l1tCWGIinNawL%2B%2Bui0PwSLlBn0UmKT5nX8dmH1Wfidg%3D&reserved=0 >> > >> > Please download the source package, and follow the README to build >> > and run the Pulsar standalone service. >> > >> >
