Hi >> Bump up Omid to 1.1.0 Done as part of PHOENIX-7075.
>> switch to standard guava in phoenix-thirdparty Raised PHOENIX-7080 for same. >> Omid repo also has several CVE related patches >> fix all possible vulnerabilities Will analyse and see what else can be fixed for phoenix-omid in next few days with OMID-252. Will keep this thread updated. Regards, Nihal On Thu, 19 Oct, 2023, 10:51 rajeshb...@apache.org, <chrajeshbab...@gmail.com> wrote: > Sure Istvan. > > We are setting up security scans and fix all possible vulnerabilities ASAP. > > Nihal Jain from our team looking into it. > > Thanks, > Rajeshbabu. > > > On Thu, Oct 19, 2023, 9:35 AM Istvan Toth <st...@cloudera.com.invalid> > wrote: > > > Regarding the guava update: > > Since we're no longer supporting Java 7, we should switch to standard > guava > > in phoenix-thirdparty. > > > > The Omid repo also has several CVE related patches. > > It would be nice to release Omid 1.1.1 before Phoenix 5.1.4 to make use > of > > them. > > > > Istvan > > > > On Thu, Oct 19, 2023 at 4:35 AM rajeshb...@apache.org < > > chrajeshbab...@gmail.com> wrote: > > > > > Sure Istvan, am fine not delete old versions. > > > > > > We need to release phoenix-thirdparty fixing the guava vulnerability > and > > > make use here would be better. > > > > > > I would like to release it this weekend. If required will start another > > > discussion thread or start release. > > > > > > @Visa we are trying to productionize the Phoenix with ACID compliance. > We > > > are in the early stages. > > > > > > > > > > > > On Wed, Oct 18, 2023, 11:01 PM Viraj Jasani <vjas...@apache.org> > wrote: > > > > > > > Sounds good Istvan, let’s keep the versions. > > > > > > > > And thank you so much for fixing broken compilation for 2.1 and 2.2 > > > > versions: > > > > https://github.com/apache/phoenix/pull/1714 > > > > > > > > > > > > On Tue, Oct 17, 2023 at 11:05 PM Istvan Toth > > <st...@cloudera.com.invalid > > > > > > > > wrote: > > > > > > > > > I very much agree on the release. > > > > > > > > > > I don't remember why we didn't bump the Omid version in 5.1 after > it > > > was > > > > > released. > > > > > If it doesn't break anything, then it's a good thing. > > > > > > > > > > I disagree on removing the old HBase version support. > > > > > > > > > > Just as HBase doesn't remove support for old Hadoop versions in new > > > patch > > > > > (or even minor) releases, > > > > > I think it would be much kinder to our users not to force them to > > > upgrade > > > > > HBase, when it really doesn't cost us > > > > > much to maintain support for the old versions. (Even if the build > > with > > > > 2.1 > > > > > and 2.2 is broken now) > > > > > > > > > > I think that we should make an effort to increase Phoenix adoption > > > beyond > > > > > SFDC and the CLDR customer base. > > > > > Making life easier for users of the Apache releases by not forcing > an > > > > HBase > > > > > upgrade is a step in that direction. > > > > > Regular releases are also something that projects the image of a > > > healthy > > > > > project. > > > > > > > > > > Disclaimer: CLDR maintains an LTS release with Phoenix 5.1 and > HBase > > > 2.2, > > > > > so it would make life a bit harder for us, too. > > > > > > > > > > Istvan > > > > > > > > > > On Wed, Oct 18, 2023 at 6:57 AM Viraj Jasani <vjas...@apache.org> > > > wrote: > > > > > > > > > > > Thank you for the response, Rajeshbabu. > > > > > > > > > > > > > Bump up Omid to 1.1.0 > > > > > > > > > > > > Sounds good. > > > > > > > > > > > > > > > > > > > Remove the support of HBase versions <2.3.x > > > > > > > > > > > > Those versions are long EOL'ed so yes perhaps it makes sense to > > drop > > > > > their > > > > > > support, though I am not sure if we need to manage compatibility > > for > > > > the > > > > > > patch release. > > > > > > If we have consensus, it's fine to remove them. No strong opinion > > > > either > > > > > > way but I am slightly inclined to remove the support since they > are > > > > > already > > > > > > EOL'ed. > > > > > > > > > > > > 2.3 is also EOL'ed, but we should keep it anyway since it was a > > > stable > > > > > > release line for quite some time and some users might still be > > using > > > > > 2.3.x > > > > > > versions. > > > > > > > > > > > > > > > > > > On Tue, Oct 17, 2023 at 9:38 PM rajeshb...@apache.org < > > > > > > chrajeshbab...@gmail.com> wrote: > > > > > > > > > > > > > +1 > > > > > > > > > > > > > > Would be better to do few things before release. > > > > > > > 1) Bump up Omid to 1.1.0 > > > > > > > 2) Remove the support of HBase versions <2.3.x > > > > > > > > > > > > > > These would just backports . I will do it if it's fine. > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > > > > On Wed, Oct 18, 2023 at 9:14 AM Viraj Jasani < > vjas...@apache.org > > > > > > > > wrote: > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > It's been almost a year since we had the last patch release > on > > > the > > > > > 5.1 > > > > > > > > release line. As discussed on other threads, 5.2 release can > > > wait a > > > > > > > little > > > > > > > > longer for some of the features that are in progress. In the > > > > > meantime, > > > > > > we > > > > > > > > should also keep the 5.1 release line active. > > > > > > > > > > > > > > > > We have some good contributions on the 5.1 release line. > Unless > > > > > anyone > > > > > > > > would like to be the RM for 5.1.4, I would volunteer to start > > the > > > > > > release > > > > > > > > preparation early next week. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > *István Tóth* | Sr. Staff Software Engineer > > > > > *Email*: st...@cloudera.com > > > > > cloudera.com <https://www.cloudera.com> > > > > > [image: Cloudera] <https://www.cloudera.com/> > > > > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> > [image: > > > > > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > > > > Cloudera > > > > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > > > > ------------------------------ > > > > > ------------------------------ > > > > > > > > > > > > > > > > > > -- > > *István Tóth* | Sr. Staff Software Engineer > > *Email*: st...@cloudera.com > > cloudera.com <https://www.cloudera.com> > > [image: Cloudera] <https://www.cloudera.com/> > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > Cloudera > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > ------------------------------ > > ------------------------------ > > >
