I'm waiting for SOLR-14158 to be merged and will build the RC1. If
there are any fixes that should be backported, in your best judgement,
please feel free to port them to the branch_8_4 and let me know.
Thanks and regards,
Ishan

On Mon, Jan 6, 2020 at 8:17 PM Ishan Chattopadhyaya
<ichattopadhy...@gmail.com> wrote:
>
> Thanks Jan. I'll volunteer!
> I'd like to include SOLR-14158. It is a security issue. TLDR for that
> issue: if someone uses the package manager and has ZK exposed to external
> traffic (by mistake or via a breach of outer perimeter), then RCE is
> possible on all Solr nodes since trusted keys are kept in ZK. We have
> documented that users mustn't expose ZK when using the package
> manager, but we feel we should do better and plug that hole. The
> proposed change in the issue is to store keys in the filesystem, which is
> more secure than storing in ZK.
>
> On Mon, Jan 6, 2020 at 8:02 PM Jan Høydahl <jan....@cominvent.com> wrote:
> >
> > I’m calling off the 8.4.1 bugfix release for now. So feel free to grab the 
> > RM chair if you have any other urgent itches to scratch :)
> >
> > Jan
> >
> > > 6. jan. 2020 kl. 09:36 skrev Jan Høydahl <jan....@cominvent.com>:
> > >
> > > Regarding 8.4.1 release, there won’t be an RC today.
> > >
> > > If setting SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false proves a viable 
> > > workaround short term I may not push for an 8.4.1 at all.
> > > So feel free to continue discussion on whether there are other bugs that 
> > > warrant an 8.4.1 release…
> > >
> > > Jan
> > >
> > >> 3. jan. 2020 kl. 14:57 skrev Jan Høydahl <jan....@cominvent.com>:
> > >>
> > >> Happy new year!
> > >>
> > >> I have merged these two fixes into branch_8_4
> > >>
> > >> * SOLR-14106: Cleanup Jetty SslContextFactory usage (Ryan Rockenbaugh, 
> > >> Jan Hoydahl, Kevin Risden)
> > >> * SOLR-14109: Always log to stdout from 
> > >> server/scripts/cloud-scripts/zkcli.{bat|sh} (janhoy)
> > >>
> > >> Still planning to roll a first RC for 8.4.1 release on Monday, so make 
> > >> sure to get your important JIRAs in by then.
> > >>
> > >> Jan
> > >>
> > >>> 30. des. 2019 kl. 13:14 skrev Jan Høydahl <jan....@cominvent.com>:
> > >>>
> > >>> Hi
> > >>>
> > >>> I propose a quick 8.4.1 bugfix release and I volunteer as RM.
> > >>>
> > >>> I plan to build RC1 on Monday January 6th, one week from now.
> > >>>
> > >>> Feel free to merge bug fixes to branch_8_4, just drop a word here.
> > >>> As usual, do NOT merge features or large changes that risk the 
> > >>> stability of the release.
> > >>> Minor fixes to documentation, build system etc won’t need a mention in 
> > >>> CHANGES, unless you want to give credit to a contributor.
> > >>>
> > >>> Please leave branch_8_4 Jenkins jobs running.
> > >>>
> > >>> --
> > >>> Jan Høydahl, Apache Lucene committer
> > >>> jan...@apache.org
> > >>>
> > >>
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > For additional commands, e-mail: dev-h...@lucene.apache.org
> >
