+1

Best,
Wenbing

On Sun, Sep 29, 2024 at 15:21, Hang Chen <chenh...@apache.org> wrote:

> +1
>
> Best,
> Hang
>
> On Fri, Sep 27, 2024 at 15:51, ZhangJian He <shoot...@gmail.com> wrote:
> >
> > +1
> >
> > Thanks
> > ZhangJian He
> >
> > On Fri, Sep 27, 2024 at 3:31 PM Nicolò Boschi <boschi1...@gmail.com> wrote:
> > >
> > > +1
> > >
> > > Thanks
> > > Nicolò Boschi
> > >
> > > On Thu, Sep 26, 2024 at 20:07, Matteo Merli
> > > <matteo.me...@gmail.com> wrote:
> > > >
> > > > +1 thanks for taking care of this.
> > > > --
> > > > Matteo Merli
> > > > <matteo.me...@gmail.com>
> > > >
> > > >
> > > > On Thu, Sep 26, 2024 at 10:52 AM Lari Hotari <lhot...@apache.org> wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > BookKeeper 4.16.6 was released on June 26th, 3 months ago, and I
> > > > > would like to discuss starting the 4.16.7 release to include some
> > > > > critical security and bug fixes.
> > > > >
> > > > > The main reason for driving this release is the need to have a new
> > > > > release for Pulsar 3.0.7 with a fix for Protobuf CVE-2024-7254. That CVE
> > > > > is categorized as high (8.7/10). It's a potential denial-of-service
> > > > > issue that doesn't pose a practical additional risk for BookKeeper or
> > > > > Pulsar users. Since it's in the high category, we must address it
> > > > > before the release.
> > > > >
> > > > > It's necessary to upgrade protobuf-java to 3.25.5 and include a
> > > > > compatible grpc-java version as well.
> > > > > Past experience in Pulsar has taught us that this has been the safest
> > > > > approach to handle protobuf-java upgrades first in BookKeeper and after
> > > > > that in Pulsar.
> > > > >
> > > > > The merged PR to upgrade to protobuf-java 3.25.5 in the master branch is
> > > > > https://github.com/apache/bookkeeper/pull/4508.
> > > > >
> > > > > Here are the current PRs for 4.16.7:
> > > > >
> > > > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+label%3Arelease%2F4.16.7+is%3Amerged
> > > > >
> > > > > If you have other PRs that you want to be included in this release,
> > > > > please tag the PR with "release/4.16.7" and reply to this thread.
> > > > >
> > > > > I'd like to volunteer as the release manager for this release. I
> > > > > haven't performed this role in the BookKeeper project before, so I
> > > > > hope there's someone who could assist me when I need help.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > -Lari
> > > > >
>
