Hello, I would like to bring the attention to https://issues.apache.org/jira/browse/AVRO-2531 They discovered a CVE that allows to do a DoS via commons-compress. Due that this is a 'core' dependency for us. I think we should probably do an extra RC to include this one.
WDYT? On Wed, Aug 28, 2019 at 4:08 AM Brian Lachniet <[email protected]> wrote: > > +1 > > - Verified all checksums & signatures > - Built and tested C# bindings > - Validated NuGet packages for C# bindings > > > On Tue, Aug 27, 2019 at 5:53 PM Daniel Kulp <[email protected]> wrote: > > > +1 > > > > Did a bunch of testing with the java stuff on my Mac and some minor > > testing with the other languages in Docker. Looks OK. > > > > Dan > > > > > > > > > > > On Aug 26, 2019, at 3:34 PM, Driesprong, Fokko <[email protected]> > > wrote: > > > > > > Hi everyone, > > > > > > I'm delighted to propose the following RC to be released as official > > Apache > > > Avro 1.9.1 release. > > > > > > The commit id is aa9abbabd0efca5d86d33a1db74dcbb36203f607 > > > * This corresponds to the tag: release-1.9.1-rc2 > > > * https://github.com/apache/avro/releases/tag/release-1.9.1-rc2 > > > > > > The release tarball, signature, and checksums are here: > > > * https://dist.apache.org/repos/dist/dev/avro/avro-1.9.1-rc2/ > > > > > > You can find the KEYS file here: > > > * https://dist.apache.org/repos/dist/dev/avro/KEYS > > > > > > Binary artifacts for Java are staged in Nexus here: > > > * > > > > > https://repository.apache.org/content/groups/staging/org/apache/avro/avro/1.9.1/ > > > > > > This release includes 31 Jira issues: > > > > > https://jira.apache.org/jira/issues/?jql=project%20%3D%20AVRO%20AND%20fixVersion%20%3D%201.9.1 > > > * Most important, fix regression issues: > > > * Java: decoding schema's: > > https://jira.apache.org/jira/browse/AVRO-2400 > > > * .Net: Performance issue: > > https://jira.apache.org/jira/browse/AVRO-2396 > > > * Java: Make org.apache.avro.Schema serializable > > > * Java: Ability to add custom object to Velocity templating > > > * Improved interoperability testing > > > * Removed NPE's > > > * Upgrade dependencies to latest to the latest version > > > * And many more :-) > > > > > > Since RC1: > > > - Expand access of ProtobufData methods: > > > > > https://github.com/apache/avro/commit/9f5209caeadd45d7a7787005ec1a106540f93c88 > > > - Fix std::string(NULL) in DataFile.cc: > > > > > https://github.com/apache/avro/commit/2dfb04d9114270b55b079617066f52b602a703d2 > > > - Add Automatic-Module-Name headers for Avro modules: > > > > > https://github.com/apache/avro/commit/e189fe82a71822bede60b60fc74e11f250039f6d > > > - Move Perf module classes into its own package: > > > > > https://github.com/apache/avro/commit/4efbf589732f615400636d78cd02389bf3d3bef2 > > > - Exclude test resources from license check: > > > > > https://github.com/apache/avro/commit/aa9abbabd0efca5d86d33a1db74dcbb36203f607 > > > > > > Please download, verify, and test. This vote will remain open for at > > least > > > 72 hours. Given sufficient votes, I would like to close it on or about > > > midnight > > > on Thursday, 29 August 2019. > > > > > > [ ] +1 Release this as Apache Avro 1.9.1 > > > [ ] -1 Do not release this because... > > > > > > Consider this a +1 (binding) from my side: > > > * Compiled against Divolte collector and Iceberg > > > * Checked the licenses using `mvn verify` > > > > > > Cheers, Fokko Driesprong > > > > -- > > Daniel Kulp > > [email protected] <mailto:[email protected]> - http://dankulp.com/blog < > > http://dankulp.com/blog> > > Talend Community Coder - http://talend.com <http://coders.talend.com/> > > > > > -- > > [image: 51b630b05e01a6d5134ccfd520f547c4.png] > > Brian Lachniet > > Software Engineer > > E: [email protected] | blachniet.com <http://www.blachniet.com> > > <https://twitter.com/blachniet> <http://www.linkedin.com/in/blachniet>
