Sorry I forgot that this thread about 1.4.3 existed and opened a new DISCUSS thread to do a 1.4.3 release.
On Mon, Dec 4, 2023 at 11:25 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Hi Gabor > > It sounds reasonable to me. > > Let me review #9183. > > Thanks ! > Regards > JB > > On Mon, Dec 4, 2023 at 9:51 AM Gabor Kaszab <gaborkas...@apache.org> > wrote: > > > > Hey, > > > > We have recently found a regression in the expireSnapshot functionality. > https://github.com/apache/iceberg/pull/9183 Would it make sense to > include thisfix as well to the next patch release? > > > > Gabor > > > > On Sun, Dec 3, 2023 at 6:04 AM Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: > >> > >> Hi Fokko, > >> > >> I know we have some fixes on the fly. So, let me do a new pass on > >> issues and backports and I will send an update on the mailing list > >> (early next week). > >> > >> Thanks ! > >> Regards > >> JB > >> > >> On Sun, Dec 3, 2023 at 1:40 AM Fokko Driesprong <fo...@apache.org> > wrote: > >> > > >> > Hey JB, > >> > > >> > I think there is no harm in doing a patch release. > >> > > >> > There was another request to backport an issue, I've created a PR: > https://github.com/apache/iceberg/pull/8969#issuecomment-1837286383 > >> > > >> > Kind regards, > >> > Fokko > >> > > >> > Op wo 22 nov 2023 om 18:50 schreef Jean-Baptiste Onofré < > j...@nanthrax.net>: > >> >> > >> >> Hi guys > >> >> > >> >> Quick update about that: > >> >> 1. I took a deeper look today about the Avro CVE issue. I don't think > >> >> we are impacted on Iceberg (the CVE is about deserialization of > >> >> corrupted data potentially causing out of memory). The fix > >> >> (https://github.com/apache/avro/commit/a12a7e44d) introduces > >> >> SystemLimitException that uses system properties to define boundaries > >> >> and avoid the OOM (even if the deserialization won't still work :)). > >> >> So, nothing really changes from an Iceberg perspective. > >> >> 2. As discussed during the community meeting today, as (1) doesn't > >> >> really have an impact on Iceberg, there's no urgency to release > 1.4.3. > >> >> We agreed to wait new fixes for 1.4.3 release. > >> >> > >> >> I'm still volunteering to cut the 1.4.3 patch release when ready (I > >> >> did all the build checks on my machine :)), and I'm doing a pass on > GH > >> >> issues. > >> >> > >> >> Thanks ! > >> >> Regards > >> >> JB > >> >> > >> >> On Tue, Nov 21, 2023 at 8:49 PM Jean-Baptiste Onofré < > j...@nanthrax.net> wrote: > >> >> > > >> >> > Hi > >> >> > > >> >> > We chatted about the 1.4.3 release with Ed. > >> >> > > >> >> > We have few PRs we want to include and as it’s Thanksgiving this > week, I will submit the release to vote on Tuesday next week. > >> >> > > >> >> > Regards > >> >> > JB > >> >> > > >> >> > Le lun. 20 nov. 2023 à 17:24, Jean-Baptiste Onofré < > j...@nanthrax.net> a écrit : > >> >> >> > >> >> >> Thanks Fokko ! > >> >> >> > >> >> >> I'm on the local build check and issue pass. I plan to start the > >> >> >> release tomorrow. > >> >> >> > >> >> >> Regards > >> >> >> JB > >> >> >> > >> >> >> On Mon, Nov 20, 2023 at 8:56 AM Driesprong, Fokko > <fo...@driesprong.frl> wrote: > >> >> >> > > >> >> >> > I took the liberty and created a 1.4.3 milestone to track any > issues that we want to backport. > >> >> >> > > >> >> >> > Kind regards, > >> >> >> > Fokko Driesprong > >> >> >> > > >> >> >> > Op ma 20 nov 2023 om 08:50 schreef Driesprong, Fokko > <fo...@driesprong.frl>: > >> >> >> >> > >> >> >> >> Hey JB, > >> >> >> >> > >> >> >> >> Late to the party here, but 1.4.3 sounds like a great idea. > Let me know if you need any help with any release steps. > >> >> >> >> > >> >> >> >> Kind regards, > >> >> >> >> Fokko Driesprong > >> >> >> >> > >> >> >> >> Op ma 20 nov 2023 om 08:16 schreef Jean-Baptiste Onofré < > j...@nanthrax.net>: > >> >> >> >>> > >> >> >> >>> Hi > >> >> >> >>> > >> >> >> >>> As there's no objection, I will move forward and prepare the > release to vote. > >> >> >> >>> > >> >> >> >>> I will keep you posted asap. > >> >> >> >>> > >> >> >> >>> Thanks, > >> >> >> >>> Regards > >> >> >> >>> JB > >> >> >> >>> > >> >> >> >>> On Wed, Nov 15, 2023 at 6:11 AM Jean-Baptiste Onofré < > j...@nanthrax.net> wrote: > >> >> >> >>> > > >> >> >> >>> > Hi guys, > >> >> >> >>> > > >> >> >> >>> > Avro 1.11.3 has been released, fixing CVE-2023-39410. > >> >> >> >>> > We already updated to Avro 1.11.3 on main. > >> >> >> >>> > > >> >> >> >>> > About CVE, we also already use guava 32.1.3, fixing > CVE-2023-2976. > >> >> >> >>> > > >> >> >> >>> > As the Avro CVE is classified high (see > >> >> >> >>> > https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I > propose to bump to > >> >> >> >>> > Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 > including > >> >> >> >>> > this. > >> >> >> >>> > > >> >> >> >>> > Thoughts ? > >> >> >> >>> > > >> >> >> >>> > If there are no objections, I'm volunteer to drive this > release. > >> >> >> >>> > > >> >> >> >>> > Thanks, > >> >> >> >>> > Regards > >> >> >> >>> > JB >
