The idea is to get a stable 1.5.0 out there and not necessarily release any more 1.3 and 1.4, ideally, not - and explicitly not address the Jackson issue in 1.3 and 1.4, unless like I asked you lot are ok with the patch as proposed. The advice for concerned parties would be "upgrade to 1.5".
On Wed, Aug 7, 2019 at 12:11 PM Zach York <[email protected]> wrote: > I'm fine with eventually EOLing 1.3 and 1.4, but I don't think we can do it > until we know 1.5.0 is for sure coming out within a reasonable time and > will be stable (the current stable pointer is 1.4.10 so what would we move > that to?). > > I'm always a fan of reducing maintenance burden, but let's hold off on > officially EOLing until we know users have something to move to. > > On Wed, Aug 7, 2019 at 11:51 AM Andrew Purtell <[email protected]> > wrote: > > > Changing subject line for visibility. > > > > On Wed, Aug 7, 2019 at 11:48 AM Stack <[email protected]> wrote: > > > > > EOL'ing 1.3+1.4 sounds good to me. > > > S > > > > > > On Wed, Aug 7, 2019 at 10:46 AM Andrew Purtell <[email protected]> > > > wrote: > > > > > > > HBASE-22728 addresses theoretical exposure to a Jackson CVE by us > (via > > > > hbase-rest) or to our downstream by removing Jackson artifacts from > our > > > > exported transitive dependencies, and by updating hbase-rest to use a > > > safe > > > > Jackson version. These changes are arguably not suitable for patch > > > releases > > > > because they can cause a transitive binary compatibility problem. For > > > this > > > > reason I would like us to consider immediate EOL of 1.3 and 1.4 with > a > > > > recommendation to upgrade to 1.5.0. > > > > > > > > In order for that to happen, we need to commit HBASE-22728 to > branch-1, > > > > then release 1.5.0 from head of branch-1, which I will do. Assuming > > test > > > > results are good I will propose a 1.5.0 release candidate in the next > > few > > > > days. > > > > > > > > Or would you find the HBASE-22728 change acceptable for a patch > > release? > > > > > > > > There are other good reasons to move on from 1.3 and 1.4, foremost a > > nice > > > > reduction in maintenance burden keeping up these old code lines. > > > > > > > > Are there any objections or concerns to this plan? > > > > > > > > -- > > > > Best regards, > > > > Andrew > > > > > > > > Words like orphans lost among the crosstalk, meaning torn from > truth's > > > > decrepit hands > > > > - A23, Crosstalk > > > > > > > > > > > > > -- > > Best regards, > > Andrew > > > > Words like orphans lost among the crosstalk, meaning torn from truth's > > decrepit hands > > - A23, Crosstalk > > > -- Best regards, Andrew Words like orphans lost among the crosstalk, meaning torn from truth's decrepit hands - A23, Crosstalk
