I've created a Jira to address this: https://issues.apache.org/jira/browse/ZOOKEEPER-4876
Andor On Wed, 2024-10-16 at 17:35 -0500, Andor Molnar wrote: > Thanks for the heads-up Pat. I take it as a -1. > > This vote is now cancelled and I'm creating another RC. > > Thanks, > Andor > > > > On Wed, 2024-10-16 at 08:59 -0700, Patrick Hunt wrote: > > FYI OWASP is failing, I think we should address this before > > releasing: > > > > 15:55:28 [ERROR] jetty-http-9.4.53.v20231009.jar: CVE-2024- > > 6763(3.7) > > > > Regards, > > > > Patrick > > > > On Wed, Oct 16, 2024 at 8:31 AM Damien Diederen > > <ddiede...@apache.org> wrote: > > > > > > Hi Andor, all, > > > > > > I'm afraid I missed the deadline, but here is what I have: > > > > > > +1 (binding): > > > > > > * Tarball contents match repository tag; > > > > > > * Verified checksums and signatures; > > > > > > * Built and smoke-tested on NixOS with a slightly adapted > > > version > > > of > > > the Nix recipe and test case; > > > > > > * Smoke-tested a standalone server with the (corresponding) > > > Java, > > > C > > > and Perl clients, as well as the zkfuse contrib; > > > > > > * Smoke-tested a 3-ensemble with the (corresponding) Java > > > client > > > and > > > SASL/GSSAPI. > > > > > > All in all: LGTM. Thank you for taking care of this release! > > > > > > Cheers, > > > Damien > > > > > > > > > > > > Andor Molnar <an...@apache.org> writes: > > > > This is a release candidate for 3.9.3. (rc1) > > > > > > > > This is a bugfix release for the 3.9 release line. Includes > > > > important > > > > dependency upgrades to address CVEs, several bug- and > > > > performance > > > > fixes. > > > > > > > > The full release notes is available at: > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12354432 > > > > > > > > *** Please download, test and vote by October 15th 2024, 23:59 > > > > UTC+0. > > > > *** > > > > > > > > Source files: > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.3-candidate-1/ > > > > > > > > Maven staging repo: > > > > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.3/ > > > > > > > > The release candidate tag in git to be voted upon: release- > > > > 3.9.3- > > > > 1 > > > > https://github.com/apache/zookeeper/tree/release-3.9.3-1 > > > > > > > > ZooKeeper's KEYS file containing PGP keys we use to sign the > > > > release: > > > > https://www.apache.org/dist/zookeeper/KEYS > > > > > > > > The staging version of the website is: > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.3-candidate-1/website/index.html > > > > > > > > > > > > Should we release this candidate? > > > > > > > > Andor >
