William, +1 on rolling a 2.4.1 release. Thanks a lot for starting the discussion!
Note that RATIS-1729 is to upgrade protobuf for fixing CVE-2022-3171, which was published on 10/12/2022. Tsz-Wo On Tue, Oct 25, 2022 at 7:20 PM William Song <[email protected]> wrote: > Hi Ratis Community, > > It’s really great to see Ratis releases 2.4.0. Unfortunately, there are > some important fixes missing in 2.4.0, like RATIS-1708 and RATIS-1729. > > I would like to propose a new Ratis release 2.4.1 (including > ratis-thirdparty 1.0.3) with the above changes. Since Apache IoTDB 1.0 > release (frozen by 11.15) is waiting for Ratis, we would be really > appreciate if the 2.4.1 be released in the coming weeks. > > Please help me check if there are other commits missing in 2.4.0. Thanks > in advance! > > > Regards, > William >
