Re: [RELEASE] Apache Cassandra 4.0.2 released

Patch submitted for review. I will also add explicit point on deprecation to the config docs I am writing now too. On Fri, 11 Feb 2022 at 19:10, Dinesh Joshi wrote: > We should also have deprecation guidance in Config.java. This will help > when anybody is making changes in the future. > > On

Re: [RELEASE] Apache Cassandra 4.0.2 released

We should also have deprecation guidance in Config.java. This will help when anybody is making changes in the future. > On Feb 11, 2022, at 3:07 PM, Ekaterina Dimitrova > wrote: > > Note taken, I had to document only in 4.0.x that those are placeholder. I > just opened ticket to fix that -

Re: [RELEASE] Apache Cassandra 4.0.2 released

Note taken, I had to document only in 4.0.x that those are placeholder. I just opened ticket to fix that - CASSANDRA-17377. I am going to submit a patch soon On Fri, 11 Feb 2022 at 17:44, Jeff Jirsa wrote: > We don't HAVE TO remove the Config.java entry - we can mark it as > deprecated and

Re: [RELEASE] Apache Cassandra 4.0.2 released

We don't HAVE TO remove the Config.java entry - we can mark it as deprecated and ignored and remove it in a future version (and you could update Config.java to log a message about having a deprecated config option). It's a much better operator experience: log for a major version, then remove in

Re: [RELEASE] Apache Cassandra 4.0.2 released

I don't think that's enough. We noop'd this in 3.11: https://github.com/apache/cassandra/blob/cassandra-3.11/NEWS.txt#L310 but never mentioned it again or did a proper deprecation notice, so dropping them in a minor is especially not nice. On Fri, Feb 11, 2022 at 4:26 PM Erick Ramirez wrote: >

Re: [RELEASE] Apache Cassandra 4.0.2 released

This had to be removed in 4.0 but it wasn’t. The patch mentioned did it to fix a bug that gives impression those work. Confirmed with Benedict on the ticket. I agree I absolutely had to document it better, a ticket for documentation was opened but it slipped from my mind with this emergency

Re: [RELEASE] Apache Cassandra 4.0.2 released

(moved dev@ to BCC) > It looks like the otc_coalescing_strategy config key is no longer > supported in cassandra.yaml in 4.0.2, despite this not being mentioned > anywhere in CHANGES.txt or NEWS.txt. > James, you're right -- it was removed by CASSANDRA-17132

Re: [RELEASE] Apache Cassandra 4.0.2 released

Accidentally dropped dev@, so adding back in the dev list, with the hopes that someone on the dev list helps address this. On Fri, Feb 11, 2022 at 2:22 PM Jeff Jirsa wrote: > That looks like https://issues.apache.org/jira/browse/CASSANDRA-17132 + >

RE : CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs

No it isn’t good to have issue… Are you a black hacker ? Regards. Dorian ROSSE. Envoyé à partir de Courrier pour Windows De : Erick Ramirez Envoyé le :vendredi 11 février 2022 23:02 À :

Re: CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs

> > Does this issue exist on the packaged Apache Cassandra 40X ? > Yes, it does. Cheers!

Re: CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs

Hello, Does this issue exist on the packaged Apache Cassandra 40X ? I ask because I don't find any version line of command and it miss the manual line of command for Cassandra, Thanks you in advance for your answer, Have a nice evening from the France it is twenty to twelve and the sky is

Re: [GSOC] Call for Mentors

Unfortunately we didn't, so far. Em sex., 11 de fev. de 2022 às 15:32, Henrik Ingo escreveu: > Hi Paulo > > Just checking, am I using Jira right: > https://issues.apache.org/jira/issues/?jql=project%20%3D%20CASSANDRA%20AND%20labels%20%3D%20gsoc%20and%20statusCategory%20!%3D%20Done%20 > > It

Re: [DISCUSS] CEP-7 Storage Attached Index

Just finished reading the latest version of the CEP. Here are my thoughts: - We've already talked about OR queries, so I won't rehash that, but tokenization support seems like it might be another one of those places where we can cut scope if we want to get V1 out the door. It shouldn't be that

Re: [GSOC] Call for Mentors

Hi Paulo Just checking, am I using Jira right: https://issues.apache.org/jira/issues/?jql=project%20%3D%20CASSANDRA%20AND%20labels%20%3D%20gsoc%20and%20statusCategory%20!%3D%20Done%20 It looks like we ended up with no gsoc projects submitted? Or am I querying wrong? henrik On Thu, Feb 3, 2022

Re: [DISCUSS] Non Coding Committers

Hi All Thanks very much to everyone who took the time to provide feedback and share their views on this topic. It seems to me like there is a general consensus around it and it's great to hear that the PMC is aware and actively working on it. A community is an evolving thing and so adapting

CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs

Severity: high Description: When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The

[RELEASE] Apache Cassandra 4.0.2 released

The Cassandra team is pleased to announce the release of Apache Cassandra version 4.0.2. Apache Cassandra is a fully distributed database. It is the right choice when you need scalability and high availability without compromising performance. http://cassandra.apache.org/ Downloads of source

[RELEASE] Apache Cassandra 3.11.12 released

The Cassandra team is pleased to announce the release of Apache Cassandra version 3.11.12. Apache Cassandra is a fully distributed database. It is the right choice when you need scalability and high availability without compromising performance. http://cassandra.apache.org/ Downloads of source

[RELEASE] Apache Cassandra 3.0.26 released

The Cassandra team is pleased to announce the release of Apache Cassandra version 3.0.26. Apache Cassandra is a fully distributed database. It is the right choice when you need scalability and high availability without compromising performance. http://cassandra.apache.org/ Downloads of source