Thanks Josh!

Will make a new RC1 soon.

Josh Elser <els...@apache.org> wrote on Tue, Dec 14, 2021 at 04:57:

> -1 (binding)
>
> Log4j2 CVE mitigation is ineffective due to an incorrect `export` in
> bin/hbase-config.sh. Appears that HBASE-26557 tried to add the
> mitigation to HBASE_OPTS but added spaces around either side of the
> equals sign, e.g. `export HBASE_OPTS = ".."`, which is invalid syntax.
>
>
> <snip>
> $ ./bin/start-hbase.sh
> /Users/jelser/hbase300alpha2rc0/hbase300/hbase-3.0.0-alpha-2/bin/hbase-config.sh: line 167: export: `=': not a valid identifier
> /Users/jelser/hbase300alpha2rc0/hbase300/hbase-3.0.0-alpha-2/bin/hbase-config.sh: line 167: export: ` -Dlog4j2.formatMsgNoLookups=true': not a valid identifier
> /Users/jelser/hbase300alpha2rc0/hbase300/hbase-3.0.0-alpha-2/bin/hbase-config.sh: line 167: export: `=': not a valid identifier
> /Users/jelser/hbase300alpha2rc0/hbase300/hbase-3.0.0-alpha-2/bin/hbase-config.sh: line 167: export: ` -Dlog4j2.formatMsgNoLookups=true': not a valid identifier
> </snip>
>
> More naively, and just in plain bash:
> <snip>
> bash-5.1$ export FOO = "$FOO bar"
> bash: export: `=': not a valid identifier
> bash: export: ` bar': not a valid identifier
> bash-5.1$ echo $FOO
> </snip>
>
> I'll post a PR to fix after sending this.
>
> The good:
> * xsums and sigs were OK
> * Was able to run most unit tests locally
> * Was able to launch using bin tarball
> * Everything else looks great so far
>
> - Josh
>
> On 12/11/21 11:34 AM, Duo Zhang wrote:
> > Please vote on this Apache hbase release candidate,
> > hbase-3.0.0-alpha-2RC0
> >
> > The VOTE will remain open for at least 72 hours.
> >
> > [ ] +1 Release this package as Apache hbase 3.0.0-alpha-2
> > [ ] -1 Do not release this package because ...
> >
> > The tag to be voted on is 3.0.0-alpha-2RC0:
> >
> >    https://github.com/apache/hbase/tree/3.0.0-alpha-2RC0
> >
> > This tag currently points to git reference
> >
> >    8bca21b47d7c809a0940aea8ed12dd4d2af12432
> >
> > The release files, including signatures, digests, as well as CHANGES.md
> > and RELEASENOTES.md included in this RC can be found at:
> >
> >    https://dist.apache.org/repos/dist/dev/hbase/3.0.0-alpha-2RC0/
> >
> > Maven artifacts are available in a staging repository at:
> >
> >    https://repository.apache.org/content/repositories/orgapachehbase-1472/
> >
> > Artifacts were signed with the 9AD2AE49 key which can be found in:
> >
> >    https://downloads.apache.org/hbase/KEYS
> >
> > 3.0.0-alpha-2 is the second alpha release for our 3.0.0 major release line.
> > HBase 3.0.0 includes the following big feature/changes:
> >    Synchronous Replication
> >    OpenTelemetry Tracing
> >    Distributed MOB Compaction
> >    Backup and Restore
> >    Move RSGroup balancer to core
> >    Reimplement sync client on async client
> >    CPEPs on shaded proto
> >    Move the logging framework from log4j to log4j2
> >
> > 3.0.0-alpha-2 contains a critical security fix for addressing the log4j2
> > CVE-2021-44228. All users who already use 3.0.0-alpha-1 should upgrade
> > to 3.0.0-alpha-2 ASAP.
> >
> > Notice that this is not a production ready release. It is used to let our
> > users try and test the new major release, to get feedback before the final
> > GA release is out.
> > So please do NOT use it in production. Just try it and report back
> > everything you find unusual.
> >
> > And this time we will not include CHANGES.md and RELEASENOTE.md
> > in our source code, you can find it on the download site. For getting these
> > two files for old releases, please go to
> >
> >    https://archive.apache.org/dist/hbase/
> >
> > To learn more about Apache hbase, please see
> >
> >    http://hbase.apache.org/
> >
> > Thanks,
> > Your HBase Release Manager
> >
>
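
The failure reported in this thread can be caught in release verification by checking the value HBASE_OPTS actually ends up with, rather than whether the flag's text appears in the script. This is an added example, not code from the thread or from the HBase project: the two one-line config files are constructed stand-ins for bin/hbase-config.sh, and the helper names `has_mitigation` and `has_spaced_export` are hypothetical.

```shell
#!/bin/sh
# Constructed stand-ins for the HBASE_OPTS line in bin/hbase-config.sh.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/broken.sh" <<'EOF'
export HBASE_OPTS = "$HBASE_OPTS -Dlog4j2.formatMsgNoLookups=true"
EOF
cat > "$demo_dir/fixed.sh" <<'EOF'
export HBASE_OPTS="$HBASE_OPTS -Dlog4j2.formatMsgNoLookups=true"
EOF

FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Dynamic check (hypothetical helper): source the script in a subshell and
# inspect the resulting HBASE_OPTS. The flag's text being present in the file
# proves nothing; only the exported value reaches the JVM command line.
# The subshell also contains shells that abort on the failed `export`.
has_mitigation() {
    opts=$(HBASE_OPTS=''; . "$1" >/dev/null 2>&1; printf '%s' "${HBASE_OPTS:-}") || opts=""
    case " $opts " in
        *" $FLAG "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Static check (hypothetical helper): detect `export NAME = value`, where the
# whitespace hands `=` and the value to export as separate names.
has_spaced_export() {
    grep -Eq '^[[:space:]]*export[[:space:]]+[A-Za-z_][A-Za-z0-9_]*[[:space:]]+=' "$1"
}

for f in broken fixed; do
    if has_mitigation "$demo_dir/$f.sh"; then
        echo "$f.sh: $FLAG is in HBASE_OPTS"
    else
        echo "$f.sh: $FLAG is NOT in HBASE_OPTS"
    fi
    if has_spaced_export "$demo_dir/$f.sh"; then
        echo "$f.sh: found 'export NAME = ...' (invalid assignment)"
    fi
done
```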
