+1, thank you for fixing this issue, Yunze. - Michael
On Tue, Feb 7, 2023 at 9:11 PM Zike Yang <z...@apache.org> wrote: > > +1 > > Thanks, > Zike Yang > > On Wed, Feb 8, 2023 at 11:08 AM Matteo Merli <matteo.me...@gmail.com> wrote: > > > > +1 > > -- > > Matteo Merli > > <matteo.me...@gmail.com> > > > > On Tue, Feb 7, 2023 at 6:49 PM Yunze Xu <y...@streamnative.io.invalid> > > wrote: > > > > > > Hi all, > > > > > > There is a serious OAuth2 authentication regression [1] for all > > > existing C++ client 3.x.y releases. I see many users tend to downgrade > > > to old versions like 2.10.2. This behavior is dangerous because of the > > > CVE. > > > > > > The fix [2] is now merged, so I decided to start a 3.1.2 release ASAP, > > > though the 3.1.1 release is not formally announced yet. The Python > > > 3.1.0 release in progress and the Node.js 1.8.1 release will depend on > > > this version. > > > > > > [1] https://lists.apache.org/thread/6rrq4lj965rm0zqk9rtwwf6gcqb02220 > > > [2] https://github.com/apache/pulsar-client-cpp/pull/190 > > > > > > Thanks, > > > Yunze
