I notice that the owasp check is failing due to netty: https://issues.apache.org/jira/browse/ZOOKEEPER-3794 doesn't seem super critical but might be worth knocking off if we're still not ready to create an RC:
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.0:check (default-cli) on project zookeeper:[ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':[ERROR] [ERROR] netty-handler-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-common-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-buffer-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-transport-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-resolver-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-codec-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-transport-native-epoll-4.1.45.Final.jar: CVE-2020-11612[ERROR] netty-transport-native-unix-common-4.1.45.Final.jar: CVE-2020-11612 Patrick On Sun, Apr 12, 2020 at 9:39 AM Enrico Olivelli <eolive...@gmail.com> wrote: > Christopher > Maybe with your commit a93ff0fe631d1c96ee056a79e3c16535ab33c794 we have > broken the source release tarball. > > It looks like we are not passing the git sha to VerGen or something like > that > > Just download the source tarball from my staging area and try. > > Do you have time to help fixing this issue? > Otherwise I can try to fix it or simply git revert that commit as it is not > a blocker issue for the release > > Cheers > Enrico > > Il giorno dom 12 apr 2020 alle ore 14:58 Enrico Olivelli < > eolive...@gmail.com> ha scritto: > > > Christopher > > This is my staging area > > https://people.apache.org/~eolivelli/zookeeper-3.6.1-candidate-0/ > > > > this is not the VOTE thread, I will send the official VOTE email once I > > feel the staging area is valid > > this is the Maven Repository > > > https://repository.apache.org/content/repositories/orgapachezookeeper-1054 > > > > I will hopefully send the VOTE email tomorrow > > > > Please send me comments directly and not to the ML, in order not to > create > > confusion > > > > Thank in advance > > Enrico > > > > Il giorno ven 10 apr 2020 alle ore 04:35 Christopher < > ctubb...@apache.org> > > ha scritto: > > > >> I don't anticipate any issues, but I can test Accumulo with the > >> release candidate when it's ready. > >> Do you already have the binary tarball built and uploaded somewhere? > >> > >> On Thu, Apr 9, 2020 at 2:43 PM Enrico Olivelli <eolive...@gmail.com> > >> wrote: > >> > > >> > Il Gio 9 Apr 2020, 20:33 Norbert Kalmar <nkal...@cloudera.com.invalid > > > >> ha > >> > scritto: > >> > > >> > > Hi Enrico, > >> > > > >> > > Thanks for driving this! > >> > > > >> > > I managed to build HBase with ZooKeeper 3.5.7 having cherry-picked > the > >> > > getRevision() patch. I know it's not 3.6.x, but I found the problem > >> with > >> > > this 3.5.7 and fixed it according to this on 3.6 as well. So it > >> should be > >> > > fine now. > >> > > > >> > > >> > Thank you > >> > > >> > Enrico > >> > > >> > > > >> > > - Norbert > >> > > > >> > > On Thu, Apr 9, 2020 at 11:00 AM Enrico Olivelli < > eolive...@gmail.com> > >> > > wrote: > >> > > > >> > > > Hi, > >> > > > I am going to prepare a release candidate for ZooKeeper 3.6.1. > >> > > > > >> > > > There is no JIRA issue with fixVersion = 3.6.1 that is unresolved. > >> > > > > >> > > > I have tested a few projects that had compatibility issues and > they > >> are > >> > > > resolved (like Apache BookKeeper and other non OS projects in my > >> > > company). > >> > > > > >> > > > I remember that Norbert pointed a problem with HBase client, that > >> uses > >> > > > getRevision() method, it would be super great to have some > feedback > >> of > >> > > > compatibility of HBase with 3.6.1 client. > >> > > > > >> > > > I have deployed the snapshots to snapshots.apache.org, this way > >> you can > >> > > > easily test your project in CI, even on Travis. > >> > > > > >> > > > I have created the work branch for release > >> > > > https://github.com/apache/zookeeper/tree/release-3.6.1 > >> > > > > >> > > > Please ping me if you have any questions or concerns or you need > to > >> add > >> > > new > >> > > > items. > >> > > > > >> > > > I will start the release procedure once I have self validated the > >> status > >> > > of > >> > > > that branch > >> > > > > >> > > > Stay tuned > >> > > > > >> > > > Enrico > >> > > > > >> > > > >> > > >
