Regarding Omid, Lars has opened https://issues.apache.org/jira/browse/OMID-240, which looks quite scary.
I am not against releasing a new Omid version that only has CVE fixes and component updates, but I'd strongly suggest looking into OMID-240 right after. On Thu, Oct 19, 2023 at 9:34 AM Nihal Jain <nihaljain...@gmail.com> wrote: > Hi > > >> Bump up Omid to 1.1.0 > Done as part of PHOENIX-7075. > > >> switch to standard guava in phoenix-thirdparty > Raised PHOENIX-7080 for same. > > >> Omid repo also has several CVE related patches > >> fix all possible vulnerabilities > Will analyse and see what else can be fixed for phoenix-omid in next few > days with OMID-252. > > Will keep this thread updated. > > Regards, > Nihal > > On Thu, 19 Oct, 2023, 10:51 rajeshb...@apache.org, < > chrajeshbab...@gmail.com> > wrote: > > > Sure Istvan. > > > > We are setting up security scans and fix all possible vulnerabilities > ASAP. > > > > Nihal Jain from our team looking into it. > > > > Thanks, > > Rajeshbabu. > > > > > > On Thu, Oct 19, 2023, 9:35 AM Istvan Toth <st...@cloudera.com.invalid> > > wrote: > > > > > Regarding the guava update: > > > Since we're no longer supporting Java 7, we should switch to standard > > guava > > > in phoenix-thirdparty. > > > > > > The Omid repo also has several CVE related patches. > > > It would be nice to release Omid 1.1.1 before Phoenix 5.1.4 to make use > > of > > > them. > > > > > > Istvan > > > > > > On Thu, Oct 19, 2023 at 4:35 AM rajeshb...@apache.org < > > > chrajeshbab...@gmail.com> wrote: > > > > > > > Sure Istvan, am fine not delete old versions. > > > > > > > > We need to release phoenix-thirdparty fixing the guava vulnerability > > and > > > > make use here would be better. > > > > > > > > I would like to release it this weekend. If required will start > another > > > > discussion thread or start release. > > > > > > > > @Visa we are trying to productionize the Phoenix with ACID > compliance. > > We > > > > are in the early stages. > > > > > > > > > > > > > > > > On Wed, Oct 18, 2023, 11:01 PM Viraj Jasani <vjas...@apache.org> > > wrote: > > > > > > > > > Sounds good Istvan, let’s keep the versions. > > > > > > > > > > And thank you so much for fixing broken compilation for 2.1 and 2.2 > > > > > versions: > > > > > https://github.com/apache/phoenix/pull/1714 > > > > > > > > > > > > > > > On Tue, Oct 17, 2023 at 11:05 PM Istvan Toth > > > <st...@cloudera.com.invalid > > > > > > > > > > wrote: > > > > > > > > > > > I very much agree on the release. > > > > > > > > > > > > I don't remember why we didn't bump the Omid version in 5.1 after > > it > > > > was > > > > > > released. > > > > > > If it doesn't break anything, then it's a good thing. > > > > > > > > > > > > I disagree on removing the old HBase version support. > > > > > > > > > > > > Just as HBase doesn't remove support for old Hadoop versions in > new > > > > patch > > > > > > (or even minor) releases, > > > > > > I think it would be much kinder to our users not to force them to > > > > upgrade > > > > > > HBase, when it really doesn't cost us > > > > > > much to maintain support for the old versions. (Even if the build > > > with > > > > > 2.1 > > > > > > and 2.2 is broken now) > > > > > > > > > > > > I think that we should make an effort to increase Phoenix > adoption > > > > beyond > > > > > > SFDC and the CLDR customer base. > > > > > > Making life easier for users of the Apache releases by not > forcing > > an > > > > > HBase > > > > > > upgrade is a step in that direction. > > > > > > Regular releases are also something that projects the image of a > > > > healthy > > > > > > project. > > > > > > > > > > > > Disclaimer: CLDR maintains an LTS release with Phoenix 5.1 and > > HBase > > > > 2.2, > > > > > > so it would make life a bit harder for us, too. > > > > > > > > > > > > Istvan > > > > > > > > > > > > On Wed, Oct 18, 2023 at 6:57 AM Viraj Jasani <vjas...@apache.org > > > > > > wrote: > > > > > > > > > > > > > Thank you for the response, Rajeshbabu. > > > > > > > > > > > > > > > Bump up Omid to 1.1.0 > > > > > > > > > > > > > > Sounds good. > > > > > > > > > > > > > > > > > > > > > > Remove the support of HBase versions <2.3.x > > > > > > > > > > > > > > Those versions are long EOL'ed so yes perhaps it makes sense to > > > drop > > > > > > their > > > > > > > support, though I am not sure if we need to manage > compatibility > > > for > > > > > the > > > > > > > patch release. > > > > > > > If we have consensus, it's fine to remove them. No strong > opinion > > > > > either > > > > > > > way but I am slightly inclined to remove the support since they > > are > > > > > > already > > > > > > > EOL'ed. > > > > > > > > > > > > > > 2.3 is also EOL'ed, but we should keep it anyway since it was a > > > > stable > > > > > > > release line for quite some time and some users might still be > > > using > > > > > > 2.3.x > > > > > > > versions. > > > > > > > > > > > > > > > > > > > > > On Tue, Oct 17, 2023 at 9:38 PM rajeshb...@apache.org < > > > > > > > chrajeshbab...@gmail.com> wrote: > > > > > > > > > > > > > > > +1 > > > > > > > > > > > > > > > > Would be better to do few things before release. > > > > > > > > 1) Bump up Omid to 1.1.0 > > > > > > > > 2) Remove the support of HBase versions <2.3.x > > > > > > > > > > > > > > > > These would just backports . I will do it if it's fine. > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Oct 18, 2023 at 9:14 AM Viraj Jasani < > > vjas...@apache.org > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > It's been almost a year since we had the last patch release > > on > > > > the > > > > > > 5.1 > > > > > > > > > release line. As discussed on other threads, 5.2 release > can > > > > wait a > > > > > > > > little > > > > > > > > > longer for some of the features that are in progress. In > the > > > > > > meantime, > > > > > > > we > > > > > > > > > should also keep the 5.1 release line active. > > > > > > > > > > > > > > > > > > We have some good contributions on the 5.1 release line. > > Unless > > > > > > anyone > > > > > > > > > would like to be the RM for 5.1.4, I would volunteer to > start > > > the > > > > > > > release > > > > > > > > > preparation early next week. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > *István Tóth* | Sr. Staff Software Engineer > > > > > > *Email*: st...@cloudera.com > > > > > > cloudera.com <https://www.cloudera.com> > > > > > > [image: Cloudera] <https://www.cloudera.com/> > > > > > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> > > [image: > > > > > > Cloudera on Facebook] <https://www.facebook.com/cloudera> > [image: > > > > > Cloudera > > > > > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > > > > > ------------------------------ > > > > > > ------------------------------ > > > > > > > > > > > > > > > > > > > > > > > > -- > > > *István Tóth* | Sr. Staff Software Engineer > > > *Email*: st...@cloudera.com > > > cloudera.com <https://www.cloudera.com> > > > [image: Cloudera] <https://www.cloudera.com/> > > > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > > > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > > Cloudera > > > on LinkedIn] <https://www.linkedin.com/company/cloudera> > > > ------------------------------ > > > ------------------------------ > > > > > > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
