Changing subject line for visibility. On Wed, Aug 7, 2019 at 11:48 AM Stack <[email protected]> wrote:
> EOL'ing 1.3+1.4 sounds good to me. > S > > On Wed, Aug 7, 2019 at 10:46 AM Andrew Purtell <[email protected]> > wrote: > > > HBASE-22728 addresses theoretical exposure to a Jackson CVE by us (via > > hbase-rest) or to our downstream by removing Jackson artifacts from our > > exported transitive dependencies, and by updating hbase-rest to use a > safe > > Jackson version. These changes are arguably not suitable for patch > releases > > because they can cause a transitive binary compatibility problem. For > this > > reason I would like us to consider immediate EOL of 1.3 and 1.4 with a > > recommendation to upgrade to 1.5.0. > > > > In order for that to happen, we need to commit HBASE-22728 to branch-1, > > then release 1.5.0 from head of branch-1, which I will do. Assuming test > > results are good I will propose a 1.5.0 release candidate in the next few > > days. > > > > Or would you find the HBASE-22728 change acceptable for a patch release? > > > > There are other good reasons to move on from 1.3 and 1.4, foremost a nice > > reduction in maintenance burden keeping up these old code lines. > > > > Are there any objections or concerns to this plan? > > > > -- > > Best regards, > > Andrew > > > > Words like orphans lost among the crosstalk, meaning torn from truth's > > decrepit hands > > - A23, Crosstalk > > > -- Best regards, Andrew Words like orphans lost among the crosstalk, meaning torn from truth's decrepit hands - A23, Crosstalk
