Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-23 Thread Enrico Olivelli
Il giorno lun 23 gen 2023 alle ore 13:54 Enrico Olivelli ha scritto: > > Actually I think that I am falling into a rabbit hole. > > The Contrib packages have many CVEs against third party libraries > > https://issues.apache.org/jira/browse/ZOOKEEPER-4663 - OWASP is > failing on loggraph due to yui

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-23 Thread Enrico Olivelli
Actually I think that I am falling into a rabbit hole. The Contrib packages have many CVEs against third party libraries https://issues.apache.org/jira/browse/ZOOKEEPER-4663 - OWASP is failing on loggraph due to yui-min.js: CVE-2013-4940, CVE-2013-4939 https://issues.apache.org/jira/browse/ZOOKEE

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-23 Thread Enrico Olivelli
Unfortunately I missed these OWASP failures on the contrib packages [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper-it: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than o

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-20 Thread Enrico Olivelli
Huang Il giorno ven 20 gen 2023 alle ore 13:33 Binyu Huang ha scritto: > > Hi Enrico, > I wish our specification for ZooKeeper and Zab could be merged in later > versions(like 3.8.1). > It will be nice if someone could review our works. > > (with Key ZOOKEEPER-3615, and pull request > https://g

RE: Cutting Apache ZooKeeper 3.8.1 release

2023-01-20 Thread Binyu Huang
Hi Enrico, I wish our specification for ZooKeeper and Zab could be merged in later versions(like 3.8.1). It will be nice if someone could review our works. (with Key ZOOKEEPER-3615, and pull request https://github.com/apache/zookeeper/pull/1690) Best wishes, Huang On 2023/01/17 17:22:38 Enrico

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-19 Thread Enrico Olivelli
I have opened a few PRs, please help me review https://github.com/apache/zookeeper/pull/1972 https://github.com/apache/zookeeper/pull/1971 https://github.com/apache/zookeeper/pull/1970 Enrico Il giorno gio 19 gen 2023 alle ore 11:43 Enrico Olivelli ha scritto: > > Unfortunately OWASP check is f

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-19 Thread Enrico Olivelli
Unfortunately OWASP check is failing on branch-3.8 [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': [E

Re: Cutting Apache ZooKeeper 3.8.1 release

2023-01-17 Thread Chris Nauroth
+1 Thank you for taking this up, Enrico! Chris Nauroth On Tue, Jan 17, 2023 at 9:24 AM Enrico Olivelli wrote: > Hello ZooKeepers, > We have received a few requests to cut a 3.8.1 release. > > I will start the release procedure by the end of this week, > if there anything that blocks the relea