+1 Sounds good Sean.
As discussed earlier we should all feel free to bump the minor version on branch-1 whenever a compatibility guideline requires it. If we ever need to make a 1.5.1 or 1.5.2 for a user who is on 1.5.0 and requests a specific fix that conforms to patch compatibility requirements, and we think we should do such a release, it's easy enough to make a patch branch from a release tag on demand. And otherwise not worry about it. > On Oct 29, 2019, at 6:25 AM, Sean Busbey <[email protected]> wrote: > > Hi folks! > > HBASE-23210 "Per user metrics" landed yesterday on branch-1 (thanks > Andrew!). This a new feature is enough to justify a 1.6.0 and > shouldn't be in a maintenance release IMHO. as a result I plan to > update the version in branch-1 to 1.6.0 later today. > > Last week I had started the process to get 1.5.1 out the door (tracked > in HBASE-23220) in order to address the same Jackson CVE that we took > care with our latest 1.3 and 1.4 releases. Coincidentally I'm about to > merge another PR to branch-1 that addresses a new Jackson CVE. > > The maintenance cost of keeping a dependency on Jackson aside, do > folks still feel like we need more 1.5.z releases? > > Given our previously discussed goals to have more minor releases and > fewer maintenance releases, I'm inclined to just push forward with a > 1.6.0 release and tell folks on 1.5 to upgrade. The user metrics > feature can be opted out of so I think the relative risk on upgrade is > minimal.
