Hi all, I have branched 3.5.7, and updated branch-3.5 to 3.5.8-SNAPSHOT.
Please let me know if there is anything you think it should be also cherry-picked to 3.5.7! Anything (from now) backported to just branch-3.5 will NOT be available with 3.5.7. Thanks! - Norbert On Mon, Feb 3, 2020 at 11:14 AM Norbert Kalmar <[email protected]> wrote: > So about the SSL tests failing... my hosts file was messed up, turns out > localhost did not translate to 127.0.0.1 very well (it had a few strange > entry). > Probably something in the Docker image also around the hosts file, Máté is > taking a look. > > Regards, > Norbert > > On Mon, Feb 3, 2020 at 10:15 AM Norbert Kalmar <[email protected]> > wrote: > >> Hi Craig, >> >> It's already committed: >> https://github.com/apache/zookeeper/commit/59337e7ec8ab67fecf7cfc1b8c5b76397c02bfd6 >> >> Sorry I'm running a bit late with the release, I got a flu or some virus >> last week, wasn't too productive. >> >> Anyway, I did some testing, and SSL tests seems a bit flaky, they almost >> constantly kept failing. Reducing fork count helped a bit, first to 4 then >> to 1. Still was a bit flaky, the truth to be told the machine had some >> loads and the problem was server not coming up in time. But after killing >> the load it still happened. >> On my MacOS unit tests run without a problem with the default 8 surefire >> core. >> Turns out the SSL tests are also failing while building with the docker >> image, I just talked to Máté about this. >> >> Oh, it's both 3.5 and master branch. >> >> I'll dig into this a little before continuing. >> >> Regards, >> Norbert >> >> On Sat, Feb 1, 2020 at 1:01 PM Enrico Olivelli <[email protected]> >> wrote: >> >>> Il Ven 31 Gen 2020, 16:16 Craig.Condit <[email protected]> ha >>> scritto: >>> >>> > Would it be possible to get ZOOKEEPER-3638 included in 3.5.7 as well? >>> >>> I thought it already went in >>> >>> we really must include it. >>> >>> Enrico >>> >>> The version of Jetty included in 3.5.6 breaks the admin server. We have >>> > been running a backport of 3638 (which just upgrades to a later >>> version) >>> > successfully on 3.5.6 here without issue. >>> > >>> > Thanks, >>> > >>> > Craig Condit >>> > >>> > >>> > ________________________________ >>> > From: Norbert Kalmar <[email protected]> >>> > Sent: Thursday, January 30, 2020 3:06 PM >>> > To: DevZooKeeper <[email protected]> >>> > Subject: [EXTERNAL] Re: 3.5.7 >>> > >>> > Hi all, >>> > >>> > Just a heads up. >>> > >>> > All patch that we wanted (as far as I'm aware, let me know if you miss >>> > something) for the 3.5.7 release has been committed to branch 3.5. >>> Mainly >>> > this was: >>> > - ZOOKEEPER-3701 (split brain) >>> > - ZOOKEEPER-3482 (some SASL stuff) >>> > - ZOOKEEPER-3699 (fix CVE about Jackson) >>> > >>> > And a few other nice to haves (like ZOOKEEPER-1105 C client WARN msg >>> fix) >>> > that also made it. >>> > >>> > I started testing the 3.5 branch and I will create a release branch >>> soon >>> > (probably tomorrow). >>> > >>> > Regards, >>> > Norbert >>> > >>> > On Mon, Jan 27, 2020 at 11:30 AM Norbert Kalmar <[email protected]> >>> > wrote: >>> > >>> > > Only blocker left for 3.5.7 is ZOOKEEPER-3701, patch available here: >>> > > https://github.com/apache/zookeeper/pull/1233 >>> > > >>> > > I'll wait another 0.5-1 day if anyone wants to take a look at it. >>> Then >>> > > I'll commit and start the 3.5.7 release process. >>> > > >>> > > Thanks, >>> > > Norbert >>> > > >>> > > On Thu, Jan 23, 2020 at 11:29 AM Norbert Kalmar < >>> [email protected]> >>> > > wrote: >>> > > >>> > >> The patch fixed the CVE warning >>> > >> https://builds.apache.org/job/zookeeper-master-maven-owasp/339/ >>> > >> >>> > >> Norbert >>> > >> >>> > >> On Thu, Jan 23, 2020 at 11:07 AM Norbert Kalmar < >>> [email protected]> >>> > >> wrote: >>> > >> >>> > >>> Thanks Patrick, I'll review and preferably commit your patch, which >>> > >>> should negate the CVE warning. >>> > >>> >>> > >>> Regards, >>> > >>> Norbert >>> > >>> >>> > >>> On Wed, Jan 22, 2020 at 5:31 PM Patrick Hunt <[email protected]> >>> wrote: >>> > >>> >>> > >>>> owasp is failing on branch-3.5, >>> > >>>> [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330 >>> > >>>> >>> > >>>> seems the same as: >>> > >>>> https://issues.apache.org/jira/browse/ZOOKEEPER-3699 >>> > >>>> >>> > >>>> Patrick >>> > >>>> >>> > >>>> On Wed, Jan 22, 2020 at 5:12 AM Ivan Kelly <[email protected]> >>> wrote: >>> > >>>> >>> > >>>> > > Would you have time for a quick fix ? >>> > >>>> > >>> > >>>> > The measures to avoid the problem are listed at the end of the >>> JIRA >>> > >>>> > description. I can't submit a PR until I get permission from my >>> > >>>> > company legal to push to ZK. >>> > >>>> > >>> > >>>> > -Ivan >>> > >>>> > >>> > >>>> >>> > >>> >>> > >>> >>
