FYI OWASP is failing, I think we should address this before releasing: 15:55:28 [ERROR] jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)
Regards, Patrick On Wed, Oct 16, 2024 at 8:31 AM Damien Diederen <ddiede...@apache.org> wrote: > > Hi Andor, all, > > I'm afraid I missed the deadline, but here is what I have: > > +1 (binding): > > * Tarball contents match repository tag; > > * Verified checksums and signatures; > > * Built and smoke-tested on NixOS with a slightly adapted version of > the Nix recipe and test case; > > * Smoke-tested a standalone server with the (corresponding) Java, C > and Perl clients, as well as the zkfuse contrib; > > * Smoke-tested a 3-ensemble with the (corresponding) Java client and > SASL/GSSAPI. > > All in all: LGTM. Thank you for taking care of this release! > > Cheers, > Damien > > > > Andor Molnar <an...@apache.org> writes: > > This is a release candidate for 3.9.3. (rc1) > > > > This is a bugfix release for the 3.9 release line. Includes important > > dependency upgrades to address CVEs, several bug- and performance > > fixes. > > > > The full release notes is available at: > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12354432 > > > > *** Please download, test and vote by October 15th 2024, 23:59 UTC+0. > > *** > > > > Source files: > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.3-candidate-1/ > > > > Maven staging repo: > > > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.3/ > > > > The release candidate tag in git to be voted upon: release-3.9.3-1 > > https://github.com/apache/zookeeper/tree/release-3.9.3-1 > > > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > > https://www.apache.org/dist/zookeeper/KEYS > > > > The staging version of the website is: > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.3-candidate-1/website/index.html > > > > > > Should we release this candidate? > > > > Andor >
