+1 (binding)
* check the license headers
* build the source
* run producer/consumer with message listener (source/npm package)
* verify checksum and signatures
==
Hiroyuki Sakai
Yahoo Japan Corp.
E-mail: hsa...@yahoo-corp.jp
From: Baodi Shi
Sent: Wednesd
Hi Baodi,
I ran npm audit and it has detected the following vulnerabilities:
```
$ npm audit
# npm audit report
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method -
https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse
```
Hi, @Oguni Hideaki
Thanks for your feedback.
> How about cherry-picking this PR to address the high severity
> vulnerabilities?
>
Sure, I’ll push 1.8.2-rc.4 later.
Let's wait another day and see if there is any other feedback.
Thanks,
Baodi Shi
On Apr 13, 2023 at 17:46:23, Oguni Hideaki wrot
Here's an update on my progress. I reproduced Dave's observations with
the following steps:
1. Download and unpack 3.0.0 RC 1.
2. Add these two settings to the conf/standalone.conf:
exposingBrokerEntryMetadataToClientEnabled=true
brokerEntryMetadataInterceptors=org.apache.pulsar.common.intercept.
By my testing using the above steps to reproduce the issue, I do not
see the bug on commit [0] but I do see it on the subsequent commit
[1].
That indicates [1], which is the bookkeeper client upgrade to 4.16.0
commit, introduced the problem. I need to sign off soon. I appreciate
any help you can p
I ended up digging a little longer. I have some partial results to share.
It seems to me the problem was likely introduced by this Bookkeeper PR
https://github.com/apache/bookkeeper/pull/3783.
These are likely the problematic lines:
https://github.com/apache/bookkeeper/blob/234b817cdb4e054887ffd5
Hi,
I think this
https://lists.apache.org/thread/f2fhvyx202xzxbho909j430h63yvwjlo is a very
strong "-1"
On Wed, Apr 12, 2023 at 4:33 AM Zike Yang wrote:
> This is the first release candidate for Apache Pulsar, version 3.0.0.
>
> It fixes the following issues:
> https://github.com/apache/pulsar/