Thanks for the thoughts. I am interpreting this discussion summary as release candidate 3.0.0-rc2 will be released as 3.0.0 as is without any patch upgrade.
Best regards, Janardhan On Sun, Jun 19, 2022 at 12:27 AM Matthias Boehm <mboe...@gmail.com> wrote: > > upgrading main is fine, but it does not affect the release as we declare > minimum dependencies (SystemDS can be used with more recent Spark/Hadoop > versions) and minor/patch versions do not change the external behavior. > > Regards, > Matthias > > On 6/18/2022 7:50 PM, Baunsgaard, Sebastian wrote: > > Based on the issue i say we need to upgrade > > ________________________________ > > From: Janardhan <janard...@apache.org> > > Sent: Saturday, June 18, 2022 7:43:30 PM > > To: dev@systemds.apache.org > > Subject: Re: [QUESTION] Should a minor dependency upgrade stop our release > > candidate? > > > > The upgrade is a CVE with Severity marked as critical. Relevant > > advisory[1] by Hadoop team. > > > > [1] https://lists.apache.org/thread/2dk5flnszl7grpvfm7t3dg0w61r4jg9v > > > > Thanks, > > Janardhan > > > > > > On Sat, Jun 18, 2022 at 10:55 PM Baunsgaard, Sebastian > > <baunsga...@tugraz.at.invalid> wrote: > >> > >> From my side i would hate if someone complain about the issue from Hadoop > >> in our release. > >> So i say new release candidate with upgrade. Or if possible without vote. > >> Did anyone look into what the Hadoop issue is ? > >> > >> Br > >> Sebastian > >> ________________________________ > >> From: arnab phani <phaniar...@gmail.com> > >> Sent: Saturday, June 18, 2022 6:28:54 PM > >> To: dev@systemds.apache.org > >> Subject: Re: [QUESTION] Should a minor dependency upgrade stop our release > >> candidate? > >> > >> In my opinion, this upgrade doesn't invalidate the release candidates. It > >> should be safe to continue. > >> > >> Regards, > >> Arnab.. > >> > >> On Sat, Jun 18, 2022, 17:05 Janardhan <janard...@apache.org> wrote: > >> > >>> Hi, > >>> > >>> We have a version of dependency minor upgrade[1]. Now, the release > >>> candidate has enough votes to pass. > >>> > >>> Shall we apply the patch or continue without it. > >>> > >>> [1] https://github.com/apache/systemds/pull/1640 > >>> > >>> Best regards, > >>> Janardhan > >>> > >
