You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by Andor Molnar <an...@apache.org> on 2023/07/17 13:10:55 UTC
[VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Hi team,
This is a release candidate for 3.9.0.
It is a major release and it introduces a lot of new features, most
notably:
- Admin server API for taking snapshot and stream out the data
- Communicate the Zxid that triggered a WatchEvent to fire
- TLS - dynamic loading for client trust/key store
- Add Netty-TcNative OpenSSL Support
- Adding SSL support to Zktreeutil
- Improve syncRequestProcessor performance
- Updates to all the third party dependencies to get rid of every known
CVE.
The full release notes is available at:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
*** Please download, test and vote by July 30th 2023, 23:59 UTC+0. ***
Source files:
https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
Maven staging repo:
https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
The release candidate tag in git to be voted upon: release-3.8.0-1
https://github.com/apache/zookeeper/tree/release-3.9.0-0
ZooKeeper's KEYS file containing PGP keys we use to sign the release:
https://www.apache.org/dist/zookeeper/KEYS
The staging version of the website is:
https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
Should we release this candidate?
Regards,
Andor
Re: [VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Posted by Andor Molnar <an...@apache.org>.
Hi Mate,
Since we don't have better idea, I opened a pull request to upgrade
OWASP to the latest (8.3.1) version.
https://github.com/apache/zookeeper/pull/2035
Please approve.
Andor
On Mon, 2023-07-17 at 22:50 +0200, Szalay-Bekő Máté wrote:
> Hello Andor!
>
> Thanks for this great release!
>
> I found two issues with RC0:
>
> 1) OWASP CVE check (mvn dependency-check:check) failed with
> "netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar:
> CVE-2011-1797(9.3)"
>
> This seems to be a false positive to me (looks to be some security
> issue
> affecting old safari / chromium web browser versions?). I didn't get
> deep
> into this, but I guess we see this since
> https://issues.apache.org/jira/browse/ZOOKEEPER-4622
>
> Interestingly, the CI pipeline doesn't catch this CVE (
> https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/),
> maybe this is some bug in OWASP that is triggered only with certain
> maven
> versions or during building on certain platforms? I ran OWASP on
> Ubuntu
> 18.04.2 with maven 3.9.3.
>
> 2) Also I see that the website (
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html)
> is still showing "ZooKeeper 3.8 Documentation" on the top
>
>
> What do you think? We shouldn't pass the RC until we are certain
> about the
> CVE issue. (unless this is something happening only on my setup... it
> is
> strange that OWAPS is green on CI)
>
>
> Beside these, I ran all my usual RC test steps, and found no other
> issues
> with the RC:
> - verified checksum and gpg signature of the artifacts
> - I built the source code (incl. the C-client, using -Pfull-build) on
> Ubuntu 18.04.2 using OpenJDK 8u372, maven 3.9.3 and GCC version 7.4.0
> - all the unit tests passed (both Java and C-client)
> - I also built and executed unit tests for zkpython
> - I also built the java code (without -Pfull-build) using other JDK
> versions: 11.0.19, 17.0.7, 20.0.1 (but didn't run the tests this
> time, just
> used 'clean install -DskipTests')
> - checkstyle and spotbugs passed
> - apache-rat passed
> - fatjar built
> - I executed quick rolling-upgrade tests (using
> https://github.com/symat/zk-rolling-upgrade-test):
> - rolling upgrade from 3.5.10 to 3.9.0
> - rolling upgrade from 3.6.4 to 3.9.0
> - rolling upgrade from 3.7.1 to 3.9.0
> - rolling upgrade from 3.8.2 to 3.9.0
> - compared generated release notes (
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/releasenotes.html
> ) with Jira (
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> )
>
>
> Best regards,
> Máté
>
> On Mon, Jul 17, 2023 at 3:11 PM Andor Molnar <an...@apache.org>
> wrote:
>
> > Hi team,
> >
> > This is a release candidate for 3.9.0.
> >
> > It is a major release and it introduces a lot of new features, most
> > notably:
> > - Admin server API for taking snapshot and stream out the data
> > - Communicate the Zxid that triggered a WatchEvent to fire
> > - TLS - dynamic loading for client trust/key store
> > - Add Netty-TcNative OpenSSL Support
> > - Adding SSL support to Zktreeutil
> > - Improve syncRequestProcessor performance
> > - Updates to all the third party dependencies to get rid of every
> > known
> > CVE.
> >
> > The full release notes is available at:
> >
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> >
> > *** Please download, test and vote by July 30th 2023, 23:59 UTC+0.
> > ***
> >
> > Source files:
> >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
> >
> > Maven staging repo:
> >
> > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
> >
> > The release candidate tag in git to be voted upon: release-3.8.0-1
> > https://github.com/apache/zookeeper/tree/release-3.9.0-0
> >
> > ZooKeeper's KEYS file containing PGP keys we use to sign the
> > release:
> > https://www.apache.org/dist/zookeeper/KEYS
> >
> > The staging version of the website is:
> >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> >
> >
> > Should we release this candidate?
> >
> >
> > Regards,
> > Andor
> >
> >
> >
Re: [VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Posted by Enrico Olivelli <eo...@gmail.com>.
For what it's worth, all my tests passed today :-)
I would have cast a +1.
But I agree that we should fix the problem reported by Mate
Enrico
Il giorno mar 18 lug 2023 alle ore 14:48 Szalay-Bekő Máté
<sz...@gmail.com> ha scritto:
>
> Thanks Andor!
>
> > Since we don't have better idea, I opened a pull request to upgrade OWASP
> to the latest (8.3.1) version.
>
> Yes, I tested the PR, upgrading OWASP is solving the issue also on my
> machine. I approved the PR.
>
> Regards,
> Máté
>
> On Tue, Jul 18, 2023 at 1:45 PM Andor Molnar <an...@apache.org> wrote:
>
> > Hi Mate,
> >
> > I take your e-mail as a -1 vote, so this RC VOTE is CANCELLED.
> > I'll prepare another rc.
> >
> > Regards,
> > Andor
> >
> >
> > On Mon, 2023-07-17 at 22:50 +0200, Szalay-Bekő Máté wrote:
> > > Hello Andor!
> > >
> > > Thanks for this great release!
> > >
> > > I found two issues with RC0:
> > >
> > > 1) OWASP CVE check (mvn dependency-check:check) failed with
> > > "netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar:
> > > CVE-2011-1797(9.3)"
> > >
> > > This seems to be a false positive to me (looks to be some security
> > > issue
> > > affecting old safari / chromium web browser versions?). I didn't get
> > > deep
> > > into this, but I guess we see this since
> > > https://issues.apache.org/jira/browse/ZOOKEEPER-4622
> > >
> > > Interestingly, the CI pipeline doesn't catch this CVE (
> > >
> > https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/
> > ),
> > > maybe this is some bug in OWASP that is triggered only with certain
> > > maven
> > > versions or during building on certain platforms? I ran OWASP on
> > > Ubuntu
> > > 18.04.2 with maven 3.9.3.
> > >
> > > 2) Also I see that the website (
> > >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> > )
> > > is still showing "ZooKeeper 3.8 Documentation" on the top
> > >
> > >
> > > What do you think? We shouldn't pass the RC until we are certain
> > > about the
> > > CVE issue. (unless this is something happening only on my setup... it
> > > is
> > > strange that OWAPS is green on CI)
> > >
> > >
> > > Beside these, I ran all my usual RC test steps, and found no other
> > > issues
> > > with the RC:
> > > - verified checksum and gpg signature of the artifacts
> > > - I built the source code (incl. the C-client, using -Pfull-build) on
> > > Ubuntu 18.04.2 using OpenJDK 8u372, maven 3.9.3 and GCC version 7.4.0
> > > - all the unit tests passed (both Java and C-client)
> > > - I also built and executed unit tests for zkpython
> > > - I also built the java code (without -Pfull-build) using other JDK
> > > versions: 11.0.19, 17.0.7, 20.0.1 (but didn't run the tests this
> > > time, just
> > > used 'clean install -DskipTests')
> > > - checkstyle and spotbugs passed
> > > - apache-rat passed
> > > - fatjar built
> > > - I executed quick rolling-upgrade tests (using
> > > https://github.com/symat/zk-rolling-upgrade-test):
> > > - rolling upgrade from 3.5.10 to 3.9.0
> > > - rolling upgrade from 3.6.4 to 3.9.0
> > > - rolling upgrade from 3.7.1 to 3.9.0
> > > - rolling upgrade from 3.8.2 to 3.9.0
> > > - compared generated release notes (
> > >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/releasenotes.html
> > > ) with Jira (
> > >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> > > )
> > >
> > >
> > > Best regards,
> > > Máté
> > >
> > > On Mon, Jul 17, 2023 at 3:11 PM Andor Molnar <an...@apache.org>
> > > wrote:
> > >
> > > > Hi team,
> > > >
> > > > This is a release candidate for 3.9.0.
> > > >
> > > > It is a major release and it introduces a lot of new features, most
> > > > notably:
> > > > - Admin server API for taking snapshot and stream out the data
> > > > - Communicate the Zxid that triggered a WatchEvent to fire
> > > > - TLS - dynamic loading for client trust/key store
> > > > - Add Netty-TcNative OpenSSL Support
> > > > - Adding SSL support to Zktreeutil
> > > > - Improve syncRequestProcessor performance
> > > > - Updates to all the third party dependencies to get rid of every
> > > > known
> > > > CVE.
> > > >
> > > > The full release notes is available at:
> > > >
> > > >
> > > >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> > > >
> > > > *** Please download, test and vote by July 30th 2023, 23:59 UTC+0.
> > > > ***
> > > >
> > > > Source files:
> > > >
> > > >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
> > > >
> > > > Maven staging repo:
> > > >
> > > >
> > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
> > > >
> > > > The release candidate tag in git to be voted upon: release-3.8.0-1
> > > > https://github.com/apache/zookeeper/tree/release-3.9.0-0
> > > >
> > > > ZooKeeper's KEYS file containing PGP keys we use to sign the
> > > > release:
> > > > https://www.apache.org/dist/zookeeper/KEYS
> > > >
> > > > The staging version of the website is:
> > > >
> > > >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> > > >
> > > >
> > > > Should we release this candidate?
> > > >
> > > >
> > > > Regards,
> > > > Andor
> > > >
> > > >
> > > >
> >
> >
Re: [VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
Thanks Andor!
> Since we don't have better idea, I opened a pull request to upgrade OWASP
to the latest (8.3.1) version.
Yes, I tested the PR, upgrading OWASP is solving the issue also on my
machine. I approved the PR.
Regards,
Máté
On Tue, Jul 18, 2023 at 1:45 PM Andor Molnar <an...@apache.org> wrote:
> Hi Mate,
>
> I take your e-mail as a -1 vote, so this RC VOTE is CANCELLED.
> I'll prepare another rc.
>
> Regards,
> Andor
>
>
> On Mon, 2023-07-17 at 22:50 +0200, Szalay-Bekő Máté wrote:
> > Hello Andor!
> >
> > Thanks for this great release!
> >
> > I found two issues with RC0:
> >
> > 1) OWASP CVE check (mvn dependency-check:check) failed with
> > "netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar:
> > CVE-2011-1797(9.3)"
> >
> > This seems to be a false positive to me (looks to be some security
> > issue
> > affecting old safari / chromium web browser versions?). I didn't get
> > deep
> > into this, but I guess we see this since
> > https://issues.apache.org/jira/browse/ZOOKEEPER-4622
> >
> > Interestingly, the CI pipeline doesn't catch this CVE (
> >
> https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/
> ),
> > maybe this is some bug in OWASP that is triggered only with certain
> > maven
> > versions or during building on certain platforms? I ran OWASP on
> > Ubuntu
> > 18.04.2 with maven 3.9.3.
> >
> > 2) Also I see that the website (
> >
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> )
> > is still showing "ZooKeeper 3.8 Documentation" on the top
> >
> >
> > What do you think? We shouldn't pass the RC until we are certain
> > about the
> > CVE issue. (unless this is something happening only on my setup... it
> > is
> > strange that OWAPS is green on CI)
> >
> >
> > Beside these, I ran all my usual RC test steps, and found no other
> > issues
> > with the RC:
> > - verified checksum and gpg signature of the artifacts
> > - I built the source code (incl. the C-client, using -Pfull-build) on
> > Ubuntu 18.04.2 using OpenJDK 8u372, maven 3.9.3 and GCC version 7.4.0
> > - all the unit tests passed (both Java and C-client)
> > - I also built and executed unit tests for zkpython
> > - I also built the java code (without -Pfull-build) using other JDK
> > versions: 11.0.19, 17.0.7, 20.0.1 (but didn't run the tests this
> > time, just
> > used 'clean install -DskipTests')
> > - checkstyle and spotbugs passed
> > - apache-rat passed
> > - fatjar built
> > - I executed quick rolling-upgrade tests (using
> > https://github.com/symat/zk-rolling-upgrade-test):
> > - rolling upgrade from 3.5.10 to 3.9.0
> > - rolling upgrade from 3.6.4 to 3.9.0
> > - rolling upgrade from 3.7.1 to 3.9.0
> > - rolling upgrade from 3.8.2 to 3.9.0
> > - compared generated release notes (
> >
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/releasenotes.html
> > ) with Jira (
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> > )
> >
> >
> > Best regards,
> > Máté
> >
> > On Mon, Jul 17, 2023 at 3:11 PM Andor Molnar <an...@apache.org>
> > wrote:
> >
> > > Hi team,
> > >
> > > This is a release candidate for 3.9.0.
> > >
> > > It is a major release and it introduces a lot of new features, most
> > > notably:
> > > - Admin server API for taking snapshot and stream out the data
> > > - Communicate the Zxid that triggered a WatchEvent to fire
> > > - TLS - dynamic loading for client trust/key store
> > > - Add Netty-TcNative OpenSSL Support
> > > - Adding SSL support to Zktreeutil
> > > - Improve syncRequestProcessor performance
> > > - Updates to all the third party dependencies to get rid of every
> > > known
> > > CVE.
> > >
> > > The full release notes is available at:
> > >
> > >
> > >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> > >
> > > *** Please download, test and vote by July 30th 2023, 23:59 UTC+0.
> > > ***
> > >
> > > Source files:
> > >
> > >
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
> > >
> > > Maven staging repo:
> > >
> > >
> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
> > >
> > > The release candidate tag in git to be voted upon: release-3.8.0-1
> > > https://github.com/apache/zookeeper/tree/release-3.9.0-0
> > >
> > > ZooKeeper's KEYS file containing PGP keys we use to sign the
> > > release:
> > > https://www.apache.org/dist/zookeeper/KEYS
> > >
> > > The staging version of the website is:
> > >
> > >
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> > >
> > >
> > > Should we release this candidate?
> > >
> > >
> > > Regards,
> > > Andor
> > >
> > >
> > >
>
>
Re: [VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Posted by Andor Molnar <an...@apache.org>.
Hi Mate,
I take your e-mail as a -1 vote, so this RC VOTE is CANCELLED.
I'll prepare another rc.
Regards,
Andor
On Mon, 2023-07-17 at 22:50 +0200, Szalay-Bekő Máté wrote:
> Hello Andor!
>
> Thanks for this great release!
>
> I found two issues with RC0:
>
> 1) OWASP CVE check (mvn dependency-check:check) failed with
> "netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar:
> CVE-2011-1797(9.3)"
>
> This seems to be a false positive to me (looks to be some security
> issue
> affecting old safari / chromium web browser versions?). I didn't get
> deep
> into this, but I guess we see this since
> https://issues.apache.org/jira/browse/ZOOKEEPER-4622
>
> Interestingly, the CI pipeline doesn't catch this CVE (
> https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/),
> maybe this is some bug in OWASP that is triggered only with certain
> maven
> versions or during building on certain platforms? I ran OWASP on
> Ubuntu
> 18.04.2 with maven 3.9.3.
>
> 2) Also I see that the website (
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html)
> is still showing "ZooKeeper 3.8 Documentation" on the top
>
>
> What do you think? We shouldn't pass the RC until we are certain
> about the
> CVE issue. (unless this is something happening only on my setup... it
> is
> strange that OWAPS is green on CI)
>
>
> Beside these, I ran all my usual RC test steps, and found no other
> issues
> with the RC:
> - verified checksum and gpg signature of the artifacts
> - I built the source code (incl. the C-client, using -Pfull-build) on
> Ubuntu 18.04.2 using OpenJDK 8u372, maven 3.9.3 and GCC version 7.4.0
> - all the unit tests passed (both Java and C-client)
> - I also built and executed unit tests for zkpython
> - I also built the java code (without -Pfull-build) using other JDK
> versions: 11.0.19, 17.0.7, 20.0.1 (but didn't run the tests this
> time, just
> used 'clean install -DskipTests')
> - checkstyle and spotbugs passed
> - apache-rat passed
> - fatjar built
> - I executed quick rolling-upgrade tests (using
> https://github.com/symat/zk-rolling-upgrade-test):
> - rolling upgrade from 3.5.10 to 3.9.0
> - rolling upgrade from 3.6.4 to 3.9.0
> - rolling upgrade from 3.7.1 to 3.9.0
> - rolling upgrade from 3.8.2 to 3.9.0
> - compared generated release notes (
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/releasenotes.html
> ) with Jira (
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> )
>
>
> Best regards,
> Máté
>
> On Mon, Jul 17, 2023 at 3:11 PM Andor Molnar <an...@apache.org>
> wrote:
>
> > Hi team,
> >
> > This is a release candidate for 3.9.0.
> >
> > It is a major release and it introduces a lot of new features, most
> > notably:
> > - Admin server API for taking snapshot and stream out the data
> > - Communicate the Zxid that triggered a WatchEvent to fire
> > - TLS - dynamic loading for client trust/key store
> > - Add Netty-TcNative OpenSSL Support
> > - Adding SSL support to Zktreeutil
> > - Improve syncRequestProcessor performance
> > - Updates to all the third party dependencies to get rid of every
> > known
> > CVE.
> >
> > The full release notes is available at:
> >
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
> >
> > *** Please download, test and vote by July 30th 2023, 23:59 UTC+0.
> > ***
> >
> > Source files:
> >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
> >
> > Maven staging repo:
> >
> > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
> >
> > The release candidate tag in git to be voted upon: release-3.8.0-1
> > https://github.com/apache/zookeeper/tree/release-3.9.0-0
> >
> > ZooKeeper's KEYS file containing PGP keys we use to sign the
> > release:
> > https://www.apache.org/dist/zookeeper/KEYS
> >
> > The staging version of the website is:
> >
> > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
> >
> >
> > Should we release this candidate?
> >
> >
> > Regards,
> > Andor
> >
> >
> >
Re: [VOTE] Apache ZooKeeper release 3.9.0 candidate 0
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
Hello Andor!
Thanks for this great release!
I found two issues with RC0:
1) OWASP CVE check (mvn dependency-check:check) failed with
"netty-tcnative-boringssl-static-2.0.61.Final-osx-x86_64.jar:
CVE-2011-1797(9.3)"
This seems to be a false positive to me (looks to be some security issue
affecting old safari / chromium web browser versions?). I didn't get deep
into this, but I guess we see this since
https://issues.apache.org/jira/browse/ZOOKEEPER-4622
Interestingly, the CI pipeline doesn't catch this CVE (
https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/),
maybe this is some bug in OWASP that is triggered only with certain maven
versions or during building on certain platforms? I ran OWASP on Ubuntu
18.04.2 with maven 3.9.3.
2) Also I see that the website (
https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html)
is still showing "ZooKeeper 3.8 Documentation" on the top
What do you think? We shouldn't pass the RC until we are certain about the
CVE issue. (unless this is something happening only on my setup... it is
strange that OWAPS is green on CI)
Beside these, I ran all my usual RC test steps, and found no other issues
with the RC:
- verified checksum and gpg signature of the artifacts
- I built the source code (incl. the C-client, using -Pfull-build) on
Ubuntu 18.04.2 using OpenJDK 8u372, maven 3.9.3 and GCC version 7.4.0
- all the unit tests passed (both Java and C-client)
- I also built and executed unit tests for zkpython
- I also built the java code (without -Pfull-build) using other JDK
versions: 11.0.19, 17.0.7, 20.0.1 (but didn't run the tests this time, just
used 'clean install -DskipTests')
- checkstyle and spotbugs passed
- apache-rat passed
- fatjar built
- I executed quick rolling-upgrade tests (using
https://github.com/symat/zk-rolling-upgrade-test):
- rolling upgrade from 3.5.10 to 3.9.0
- rolling upgrade from 3.6.4 to 3.9.0
- rolling upgrade from 3.7.1 to 3.9.0
- rolling upgrade from 3.8.2 to 3.9.0
- compared generated release notes (
https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/releasenotes.html
) with Jira (
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
)
Best regards,
Máté
On Mon, Jul 17, 2023 at 3:11 PM Andor Molnar <an...@apache.org> wrote:
> Hi team,
>
> This is a release candidate for 3.9.0.
>
> It is a major release and it introduces a lot of new features, most
> notably:
> - Admin server API for taking snapshot and stream out the data
> - Communicate the Zxid that triggered a WatchEvent to fire
> - TLS - dynamic loading for client trust/key store
> - Add Netty-TcNative OpenSSL Support
> - Adding SSL support to Zktreeutil
> - Improve syncRequestProcessor performance
> - Updates to all the third party dependencies to get rid of every known
> CVE.
>
> The full release notes is available at:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12351304
>
> *** Please download, test and vote by July 30th 2023, 23:59 UTC+0. ***
>
> Source files:
>
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/
>
> Maven staging repo:
>
> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.9.0/
>
> The release candidate tag in git to be voted upon: release-3.8.0-1
> https://github.com/apache/zookeeper/tree/release-3.9.0-0
>
> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> https://www.apache.org/dist/zookeeper/KEYS
>
> The staging version of the website is:
>
> https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.9.0-candidate-0/website/index.html
>
>
> Should we release this candidate?
>
>
> Regards,
> Andor
>
>
>