+1 (binding) I did the following tests for the release candidate: - verified checksum and gpg signature of the artifacts - I built the source code (incl. the C-client, using -Pfull-build) on Ubuntu 22.04.5 using OpenJDK 8u402, maven 3.9.6 and GCC version 11.4.0 - all the java unit tests passed for me - all the C-client tests passed too - I also built and executed unit tests for zkpython - I also built the java code (without -Pfull-build) using other JDK versions: 11.0.28, 17.0.16, 21.0.8, 23.0.2 (but didn't run the tests this time, just used 'clean install -DskipTests') - checkstyle and spotbugs passed - apache-rat passed - owasp (CVE check) passed - fatjar built - I executed quick rolling-upgrade tests without SSL (using https://github.com/symat/zk-rolling-upgrade-test): - rolling upgrade from 3.6.4 to 3.9.5 RC0 - rolling upgrade from 3.7.2 to 3.9.5 RC0 - rolling upgrade from 3.8.6 to 3.9.5 RC0 - rolling upgrade from 3.9.4 to 3.9.5 RC0 - checked the uploaded documentation ( https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.5-candidate-0/website/index.html ) - compared generated release notes ( https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.5-candidate-0/website/releasenotes.html) with Jira ( https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12355999 )
Best regards, Máté On Wed, Feb 25, 2026 at 1:32 AM Christopher <[email protected]> wrote: > +1 (non-binding) > > * I tested the release candidate against Apache Accumulo's build suite > (Accumulo heavily uses ZK), and it built successfully. > * I verified the checksums and signatures > * I verified the source tarball contents match the release candidate > tag in git (release-3.9.5-0: 293c895a8d966a3ecb92872be4a1daf87d725da2) > * I ran an instance and performed some basic operations from the zkCli.sh > * I verified the generated class file versions were Java 8 (v. 52), > correctly built using a Java 11 JDK > > I saw a minor issue with zkCli.sh (not a blocker): > > * Closing the input stream for a terminal by pressing "Ctrl-D" should > automatically exit the interactive shell, but the bin/zkCli.sh does > not exit, but does disable JLine support, leaving you at a prompt-less > terminal. Pressing "Ctrl-D" a second time exited correctly, and so did > entering "quit" (without JLine support enabled). I would consider this > a bug in the interactive ZK shell, and should be treated like a > "quit". I believe this may have worked in previous versions, but that > may have been using an older version of JLine. Also, I think "exit" > should also be added as an alias for "quit", because that's a very > common command to exit a shell. > > Some LICENSE/NOTICE issues (also not blockers): > > * I think the NOTICE.txt file contains some additional content that > shouldn't be present, because it does not appear to be required. > Everything after line 5 should be removed, as none of it seems to > contain any required copyright notices. > * The NOTICE.txt file in the binary tarball refers to files in > locations that do not exist in that tarball. The LICENSE and NOTICE > files should correspond to the packaging in which they are found, > rather than use the same content for all packagings. This is > especially true because the binary tarball contains many dependencies > bundled that likely have their own copyright notices and maybe > separate licenses, that would not apply to the source tarball. > * There is a jetty-client LICENSE file in the lib directory of the > binary tarball, but no corresponding jetty-client jar. > * There is some naming inconsistency among the LICENSE files in the > lib directory; some replace ".jar" with ".LICENSE.txt", some replace > it with "_LICENSE.txt", and others keep it so it looks like > ".jar_LICENSE.txt" > * Many of the LICENSE files in the lib/ directory are just the Apache > 2.0 license, and it isn't necessary to keep a copy of them in the lib > directory, since the main LICENSE.txt file at the root of the project > specifies the text of the Apache 2.0 license; the jetty ones, for > example, are dual licensed, and can be distributed under the Apache > 2.0 license, so ZK doesn't need any additional LICENSE files other > than the main one for the project, for those. > * The generated jars don't seem to contain LICENSE/NOTICE files at > all, but should. These generally get automatically added by the remote > resources bundle that is specified in the Apache parent POM, though it > can be added manually, or overridden if needed. Since the jars are > often redistributed separately from the tarballs (such as when they > are published in Maven Central), they really should contain their own > LICENSE/NOTICE files that are specific to their contents. > > On Mon, Feb 23, 2026 at 10:35 AM Andor Molnár <[email protected]> wrote: > > > > Hi all, > > > > Let me keep this VOTE open and extend the deadline to: > > > > March 6th 2026, 23:59 UTC+0. (2 weeks) > > > > Please download, test and vote. > > > > Thanks, > > Andor > > > > > > > > > > > On Feb 11, 2026, at 15:02, Andor Molnár <[email protected]> wrote: > > > > > > This is a release candidate for 3.9.5. > > > > > > This is a minor release with bug- and security fixes. > > > > > > The full release notes is available at: > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12355999 > > > > > > *** Please download, test and vote by February 20th 2026, 23:59 UTC+0. > *** > > > > > > Source files: > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.5-candidate-0/ > > > > > > Maven staging repo: > > > > https://repository.apache.org/content/repositories/orgapachezookeeper-1115/ > > > > > > The release candidate tag in git to be voted upon: release-3.9.5-0 > > > https://github.com/apache/zookeeper/tree/release-3.9.5-0 > > > > > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > > > https://www.apache.org/dist/zookeeper/KEYS > > > > > > The staging version of the website is: > > > > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.5-candidate-0/website/index.html > > > > > > > > > Should we release this candidate? > > > > > > Andor > > > > > > > > >
