+1 -- Matteo Merli <matteo.me...@gmail.com>
On Tue, Feb 7, 2023 at 6:49 PM Yunze Xu <y...@streamnative.io.invalid> wrote: > > Hi all, > > There is a serious OAuth2 authentication regression [1] for all > existing C++ client 3.x.y releases. I see many users tend to downgrade > to old versions like 2.10.2. This behavior is dangerous because of the > CVE. > > The fix [2] is now merged, so I decided to start a 3.1.2 release ASAP, > though the 3.1.1 release is not formally announced yet. The Python > 3.1.0 release in progress and the Node.js 1.8.1 release will depend on > this version. > > [1] https://lists.apache.org/thread/6rrq4lj965rm0zqk9rtwwf6gcqb02220 > [2] https://github.com/apache/pulsar-client-cpp/pull/190 > > Thanks, > Yunze
