Thanks Damien, you’re right with the Jira tickets that’s probably my bad. I merged the patches, but forgot to update Jira tickets to resolved and to set the fix versions accordingly. I’ve fixed them both.
I’ll update the release notes if we’ll have a new RC, but skip for now if we won’t. Not a huge issue. Thanks, Andor > On Aug 21, 2025, at 05:41, Damien Diederen <[email protected]> wrote: > > > Hi Andor, all, > > +1 (binding). > > I went through my usual set of checks: > > - Tarball contents match repository tag; > > - Verified checksums and signatures; > > - Ran `dependency-check:check`; > > - Built and smoke-tested on NixOS with a slightly adapted version of > the Nix recipe and test case; > > - Smoke-tested a standalone server with the (corresponding) Java, C > and Perl clients, as well as the zkfuse contrib; > > *NOTE* (Minor) My recipe failed to compiled the Perl client with the > latest GCC, so I used a previous version. I will look into it and > may create a ticket. This is not a blocker as the Perl client is a > `-contrib`; > > - Smoke-tested a 3-ensemble with the (corresponding) Java client and > SASL/GSSAPI. > > *NOTE* (Minor) It seems the release notes are technically missing > entries for these two tickets—but they're only about dependency > upgrades: > > - ZOOKEEPER-4890, "Update Netty to fix CVE-2024-47535"; > > - ZOOKEEPER-4932, "The newest version of zookeeper includes Jetty > versiob 9.4.57.x which has CVE-2024-6763 issue." > > All in all: LGTM—thank you! > > Cheers, > Damien > > > > Andor Molnar <[email protected]> writes: >> This is a release candidate for 3.9.4. >> >> This is a minor release with bug- and security fixes. Important to >> note that due to security issues we’ve upgraded logback to 1.3.15 and >> slf4j to 2.0.13. No ZooKeeper code changes have been involved in this >> upgrade, but the SLF4j upgrade was a major version increase, so keep >> an eye on that during your testing. >> >> The full release notes is available at: >> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12355230 >> >> *** Please download, test and vote by August 26th 2025, 23:59 UTC+0. *** >> >> Source files: >> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.4-candidate-2/ >> >> Maven staging repo: >> https://repository.apache.org/content/repositories/orgapachezookeeper-1110/ >> >> The release candidate tag in git to be voted upon: release-3.9.4-2 >> https://github.com/apache/zookeeper/tree/release-3.9.4-2 >> >> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >> https://www.apache.org/dist/zookeeper/KEYS >> >> The staging version of the website is: >> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.4-candidate-2/website/index.html >> >> Should we release this candidate? >> >> Andor
