Hi Wei, all,Last week Wei said that there were a number of security issues that should be addressed before the first 4.18.2.0 RC, and thus, the same was delayed by a week; after that announcement, there were a few PRs fixing security issues on 4.18; most have been merged already, and only one critical PR remains open.
After the last critical PR is merged, may we proceed with the release process, or is there still any security issue that should be addressed?
Best Regards, João Jandre On 3/13/24 14:35, João Jandre Paraquetti wrote:
Hi Wei, all,Considering that there are some security issues, we can postpone the 4.18.2.0 release for another week. We will have two weeks before the first RC cut. Would that be enough time to solve all concerns?I'd rather not postpone the release too much or it might affect the next ones (4.19.1.0 and 4.20.0.0).Best regards, João Jandre On 3/12/24 09:40, Wei ZHOU wrote:Hi João, Unfortunately yes, there are SOME other security issues. The PMC is working on the fixes. I suggest we postpone the 4.18.2.0 release, otherwise we most likely will have a 4.18.2.1 release. -Wei On Tue, Mar 12, 2024 at 1:21 PM João Jandre Paraquetti <j...@scclouds.com.br> wrote:Hi Wei, Are you referring to #8729? If so, it was marked as critical (a few minutes ago); therefore, as I announced yesterday: "From now onward, we will only accept critical/blocker issues or any stabilization fixes" we are still accepting fixes for critical/blocker issues, and we will not release the RC until #8729 is fixed; same for #8745. Thus, we can keep the freeze anyway. Or is there other security issues that I'm missing? Best regards, João Jandre On 3/12/24 08:45, Wei ZHOU wrote:Hi João, As you might know, we/community are working on some security issues. Please hold on. -Wei On Mon, Mar 11, 2024 at 7:19 PM João Jandre Paraquetti <j...@scclouds.com.br> wrote:Hi all, I would like to announce the code freeze of the 4.18 branch now.From now onward, we will only accept critical/blocker issues or any stabilization fixes. We have 70 open items in the 4.18.2.0 milestone [1]at the moment. Most of them will be moved to the next milestone.Currently, there is one critical issue [1]. Which has an open PR to fix the same. I count on your support on working towards cutting RC1 in thecoming week. Regards, João Jandre [1] https://github.com/apache/cloudstack/milestone/29 [2] https://github.com/apache/cloudstack/issues/8745 On 2/8/24 16:06, João Jandre Paraquetti wrote:Hi, Rohit, allI don't see any critical problems that should be addressed ASAP on the4.18 branch; therefore, there should be no problem with postponing 4.18.2 a little bit. We still have several issues targeted at 4.18.2 that have yet to be addressed, so a couple more weeks before the freeze could be good.Yes, I still want to be the RM for 4.18.2. I triaged all the issues a couple of weeks ago and removed/added some issues to the milestone asI deemed necessary, but as Rohit said, if anyone has any issues/PRs they want in 4.18.2, please ping me so we can discuss/address any concerns. That being said, here's the updated schedule I propose: - Until the second week of March: accept bug fixes and minor improvements; - Third week of March: accept only blocker and critical bug fixes, aiming to stabilize the branch; - End of March: start cutting RCs, vote, and finish release work. Best regards, João Jandre On 2/8/24 03:22, Rohit Yadav wrote:Hi Joao, all, Given we’re only now more available after the major 4.19 release towork on other releases, could we reconsider the timeline and come upwith an updated plan.I think we should target early March to give us some space to work onthe issues and PRs. Joao - I’m assuming you still want to be RM forthe release, have you triaged the current issues and PRs to identifythe must haves and good to haves for 4.18.2 ? And anyone else have any must have issues and PRs they want in 4.18? Regards. Regards. ________________________________ From: João Jandre Paraquetti <j...@scclouds.com.br> Sent: Monday, December 11, 2023 6:18:34 PM To: dev@cloudstack.apache.org <dev@cloudstack.apache.org> Subject: Re: [PROPOSE] ACS 4.18.2.0I think we can push a week or two earlier on the proposed schedule, itwould look something like this:- From now till the final week of January (1.5 months): accept bugfixes and minor improvements- First week of February: accept only blocker and critical bugfixes, aiming to stabilize the branch. - Second week of February: start cutting RCs, vote and finish release work. What do you think? Best regards, João Jandre. On 12/9/23 17:22, Rohit Yadav wrote:+1 Given, 4.18 branch is benefitting from maintenance work already, Iwouldn't mind if you want to push it earlier to even say end of Jan,and target release in Feb 2024. Regards. ________________________________ From: João Jandre Paraquetti <j...@scclouds.com.br> Sent: Friday, December 8, 2023 23:32 To: dev@cloudstack.apache.org <dev@cloudstack.apache.org> Subject: [PROPOSE] ACS 4.18.2.0 Hi all, As suggested on the 4.20.0.0 discussion thread (seehttps://lists.apache.org/thread/nyoddmwydz2t59hsfs7gf0vozlf7n434), I'd like to propose the release of version 4.18.2.0 with myself as the RM,here's a rough timeline:- From now till the second week of February (2 months): accept bugfixes and minor improvements- Third week of February: accept only blocker and critical bugfixes, aiming to stabilize the branch.- End of February: start cutting RCs, vote and finish release work.We currently have 7 open PRs [1] and 51 open issues [2] with 4.18.2.0 as milestone, I believe the above timeline should give enough time to solve all concerns. In case anyone wants to include a bug fix or a pull request in 4.18.2.0 milestone, please mention me (JoaoJandre) on github. If anyone has any suggestions, please voice them. [1]:https://github.com/apache/cloudstack/pulls?q=is%3Apr+milestone%3A4.18.2.0+is%3Aopen[2]:https://github.com/apache/cloudstack/issues?q=is%3Aopen+is%3Aissue+milestone%3A4.18.2.0Best regards, João Jandre
