Thanks Ryan ! Go RC2 Go !

On Tue, Mar 9, 2021 at 6:19 PM Ryan Skraba <[email protected]> wrote:

> Hello everyone! I've been testing the RC1 in a lot of our internal code,
> and a colleague brought up a potential high-priority CVE that has been
> fixed in Velocity 2.3.
>
> Looking at the recent Velocity change logs, it doesn't seem like there's
> any change that indicates a vulnerability in our use of velocity to
> generate code, but since we can transparently bump to a fixed version, we
> probably should.
>
> I'm cancelling the RC1, and I'll propose a vote on new artifacts very, very
> soon.
>
> On the positive side, I ran the API compatibility tools on the entire Avro
> project with 99.99% binary and source compatibility, which is nice! The
> one change was a recent change to the ZstandardCodec constructor, but
> noting that all instances are constructed using factory methods. Parquet
> and all of our internal code currently using Avro 1.10.1 passed all unit
> tests with Avro 1.10.2-rc1.
>
> See you soon with RC2!
>
> Ryan
>
> On Fri, Mar 5, 2021 at 6:06 PM Ryan Skraba <[email protected]> wrote:
>
> > Hi everyone,
> >
> > I'd like to propose the following RC1 to be released as the official Apache
> > Avro 1.10.2 release.
> >
> > The commit id is 56de625fd2b5a9b4e40bb0f9bcef1791d5ac5b40
> > * This corresponds to the tag: release-1.10.2-rc1
> > * https://github.com/apache/avro/releases/tag/release-1.10.2-rc1
> >
> > The release tarball, signature, and checksums are here (revision 46480.)
> > * https://dist.apache.org/repos/dist/dev/avro/avro-1.10.2-rc1/
> >
> > You can find the KEYS file here:
> > * https://dist.apache.org/repos/dist/dev/avro/KEYS
> >
> > Binary artifacts for Java are staged in Nexus here:
> > * https://repository.apache.org/content/groups/staging/org/apache/avro/avro/1.10.2/
> >
> > This release includes ~30 Jira issues:
> > * https://jira.apache.org/jira/issues/?jql=project%20%3D%20AVRO%20AND%20fixVersion%20%3D%201.10.2
> >
> > Some interesting highlights:
> >
> > Avro specification
> > - [AVRO-3028] Clarify that records encode values even if they equal their
> >   default
> >
> > C#
> > - [AVRO-3005][AVRO-2983] BinaryDecoder fails to read large strings
> >
> > C++
> > - [AVRO-3031] avrocppgen does not generate correct C++ code when the
> >   schema contains C++ reserved words
> >
> > Java
> > - [AVRO-2471] Java code generation doesn't add conversion for
> >   timestamp-micros
> > - [AVRO-2860] More Closely Adhere to ASF Parent POM
> > - [AVRO-2944] DataFileReader has incorrect logic reading magic header
> > - [AVRO-3024] Bump Jackson to 2.12.1
> > - [AVRO-3060] Support ZSTD level and BufferPool options
> > - [AVRO-3049] BinaryDecoder lacks checks on bytes array length
> >
> > Python
> > - [AVRO-3006] Update PyPI documentation to deprecate avro-python3
> >   *** The avro package supports Python 3, and avro-python3 will be removed
> >   in the next major release ***
> >
> > Ruby
> > - [AVRO-2984] Unnecessary memory allocations during serialization
> > - [AVRO-2998] Records with symbol keys fail validation
> > - [AVRO-2999] Optimize Ruby union serialization
> > - [AVRO-3000] Avoid unnecessary schema compatibility checks
> > - [AVRO-3023] Validate with Ruby 3
> >
> > * Upgrade dependencies to latest versions, including CVE fixes.
> > * Multiple fixes, better documentation and more...
> >
> > Avro 1.10 is still using Travis, but the status isn't necessarily
> > reflected on the branch in github:
> > * https://travis-ci.com/github/apache/avro/builds/219113613
> >
> > Please download, verify, and test. This vote will remain open for at least
> > 72 hours. Given sufficient votes, I would like to close after the weekend
> > on noon UTC Wednesday, March 10th, 2021
> >
> > [ ] +1 Release this as Apache Avro 1.10.2
> > [ ] +0
> > [ ] -1 Do not release this because...
> >
> > Best regards,
> > Ryan Skraba
