Sure Istvan.

We are setting up security scans and will fix all possible vulnerabilities ASAP.

Nihal Jain from our team is looking into it.

Thanks,
Rajeshbabu.


On Thu, Oct 19, 2023, 9:35 AM Istvan Toth <st...@cloudera.com.invalid>
wrote:

> Regarding the guava update:
> Since we're no longer supporting Java 7, we should switch to standard guava
> in phoenix-thirdparty.
>
> The Omid repo also has several CVE related patches.
> It would be nice to release Omid 1.1.1 before Phoenix 5.1.4 to make use of
> them.
>
> Istvan
>
> On Thu, Oct 19, 2023 at 4:35 AM rajeshb...@apache.org <
> chrajeshbab...@gmail.com> wrote:
>
> > Sure Istvan, I am fine with not deleting old versions.
> >
> > We need to release phoenix-thirdparty fixing the guava vulnerability, and
> > making use of it here would be better.
> >
> > I would like to release it this weekend. If required, I will start another
> > discussion thread or start the release.
> >
> > @Visa we are trying to productionize the Phoenix with ACID compliance. We
> > are in the early stages.
> >
> >
> >
> > On Wed, Oct 18, 2023, 11:01 PM Viraj Jasani <vjas...@apache.org> wrote:
> >
> > > Sounds good Istvan, let’s keep the versions.
> > >
> > > And thank you so much for fixing broken compilation for 2.1 and 2.2
> > > versions:
> > > https://github.com/apache/phoenix/pull/1714
> > >
> > >
> > > On Tue, Oct 17, 2023 at 11:05 PM Istvan Toth <st...@cloudera.com.invalid>
> > > wrote:
> > >
> > > > I very much agree on the release.
> > > >
> > > > I don't remember why we didn't bump the Omid version in 5.1 after it was
> > > > released.
> > > > If it doesn't break anything, then it's a good thing.
> > > >
> > > > I disagree on removing the old HBase version support.
> > > >
> > > > Just as HBase doesn't remove support for old Hadoop versions in new patch
> > > > (or even minor) releases,
> > > > I think it would be much kinder to our users not to force them to upgrade
> > > > HBase, when it really doesn't cost us
> > > > much to maintain support for the old versions. (Even if the build with 2.1
> > > > and 2.2 is broken now)
> > > >
> > > > I think that we should make an effort to increase Phoenix adoption beyond
> > > > SFDC and the CLDR customer base.
> > > > Making life easier for users of the Apache releases by not forcing an HBase
> > > > upgrade is a step in that direction.
> > > > Regular releases are also something that projects the image of a healthy
> > > > project.
> > > >
> > > > Disclaimer: CLDR maintains an LTS release with Phoenix 5.1 and HBase 2.2,
> > > > so it would make life a bit harder for us, too.
> > > >
> > > > Istvan
> > > >
> > > > On Wed, Oct 18, 2023 at 6:57 AM Viraj Jasani <vjas...@apache.org> wrote:
> > > >
> > > > > Thank you for the response, Rajeshbabu.
> > > > >
> > > > > > Bump up Omid to 1.1.0
> > > > >
> > > > > Sounds good.
> > > > >
> > > > >
> > > > > > Remove the support of HBase versions <2.3.x
> > > > >
> > > > > Those versions are long EOL'ed so yes perhaps it makes sense to drop their
> > > > > support, though I am not sure if we need to manage compatibility for the
> > > > > patch release.
> > > > > If we have consensus, it's fine to remove them. No strong opinion either
> > > > > way but I am slightly inclined to remove the support since they are already
> > > > > EOL'ed.
> > > > >
> > > > > 2.3 is also EOL'ed, but we should keep it anyway since it was a stable
> > > > > release line for quite some time and some users might still be using 2.3.x
> > > > > versions.
> > > > >
> > > > >
> > > > > On Tue, Oct 17, 2023 at 9:38 PM rajeshb...@apache.org <
> > > > > chrajeshbab...@gmail.com> wrote:
> > > > >
> > > > > > +1
> > > > > >
> > > > > > It would be better to do a few things before the release.
> > > > > > 1) Bump up Omid to 1.1.0
> > > > > > 2) Remove the support of HBase versions <2.3.x
> > > > > >
> > > > > > These would just be backports. I will do it if it's fine.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > >
> > > > > > On Wed, Oct 18, 2023 at 9:14 AM Viraj Jasani <vjas...@apache.org> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > It's been almost a year since we had the last patch release on the 5.1
> > > > > > > release line. As discussed on other threads, 5.2 release can wait a little
> > > > > > > longer for some of the features that are in progress. In the meantime, we
> > > > > > > should also keep the 5.1 release line active.
> > > > > > >
> > > > > > > We have some good contributions on the 5.1 release line. Unless anyone
> > > > > > > would like to be the RM for 5.1.4, I would volunteer to start the release
> > > > > > > preparation early next week.
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > *István Tóth* | Sr. Staff Software Engineer
> > > > *Email*: st...@cloudera.com
> > > > cloudera.com <https://www.cloudera.com>
> > > >
> > >
> >
>
>
> --
> *István Tóth* | Sr. Staff Software Engineer
> *Email*: st...@cloudera.com
> cloudera.com <https://www.cloudera.com>
>
