Yes, it’s correct, it does include code changes for other issues, but the logging dependency change specifically didn’t involve any code change. Sorry for the confusion.
Andor > On Aug 8, 2025, at 23:11, Christopher <ctubb...@apache.org> wrote: > > Looking at the list of changes, I think I misunderstood the wording. This > does include ZK code changes, but the specific logging dependency change > did not involve ZK changes. Other fixes did involve ZK code changes. Is > that correct? > > On Sat, Aug 9, 2025, 00:09 Christopher <ctubb...@apache.org> wrote: > >> -0 (non-binding). If no ZK changes occurred, then I don't think it's worth >> the effort and sends the message that ZK is responsible for users' >> classpath security. I think that's the wrong message to send, because users >> should be responsible for their classpath. >> >> Instead, I think a message to the user mailing list recommending users >> update their logging dependencies would be a better action to take, along >> with a note on the downloads page for the same. That would be a responsible >> action without sending the wrong message. >> >> If this accompanied actual ZK changes, I would say +1, though (still >> non-binding, of course). >> >> On Fri, Aug 8, 2025, 17:07 Andor Molnar <an...@apache.org> wrote: >> >>> This is a release candidate for 3.9.4. >>> >>> This is a minor release with bug- and security fixes. Important to note >>> that due to security issues we’ve upgraded logback to 1.3.15 and slf4j to >>> 2.0.13. No ZooKeeper code changes have been involved in this upgrade, but >>> the SLF4j upgrade was a major version increase, so keep an eye on that >>> during your testing. >>> >>> The full release notes is available at: >>> >>> >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12355230 >>> >>> *** Please download, test and vote by August 15th 2025, 23:59 UTC+0. *** >>> >>> Source files: >>> >>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.4-candidate-1/ >>> >>> Maven staging repo: >>> >>> https://repository.apache.org/content/repositories/orgapachezookeeper-1109/ >>> >>> The release candidate tag in git to be voted upon: release-3.9.4-1 >>> https://github.com/apache/zookeeper/tree/release-3.9.4-1 >>> >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release: >>> https://www.apache.org/dist/zookeeper/KEYS >>> >>> The staging version of the website is: >>> >>> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.4-candidate-1/website/index.html >>> >>> Should we release this candidate? >>> >>> Andor >>> >>> >>>
