6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

Hi,
There is a severe memory leak bug,
https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it to
the 6x branch at the time of its resolution.

I propose a 6.6.6 release with that fix (and any others that might be low
hanging, high severity issues). I am volunteering to be the RM for this.
Please let me know if there are any thoughts or objections.
Regards,
Ishan

Disclaimer: I am primarily interested in this release upon the request of
one of my clients who are impacted by this bug, and I'm proposing to do
this release on their request.

Re: 6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
too.
Thanks Tomas!

Also, thanks Jan for backporting SOLR-12473.

On Tue, Mar 26, 2019 at 10:14 AM Tomás Fernández Löbbe <
tomasflobbe@gmail.com> wrote:

> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
> too.
>
> On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya <
> ichattopadhyaya@gmail.com> wrote:
>
>> Hi,
>> I have backported the following:
>> SOLR-10506 (Memory leak)
>> SOLR-12770 ("shards" security fix)
>> SOLR-12514 (Authorization plugin skipped on nodes where collection not
>> present)
>>
>> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335
>> (upgrade to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm
>> not attempting to upgrade it further (to 1.19 or later, for example).
>>
>> After backporting SOLR-12770 I am running the tests, and I've not
>> encountered any reproducible failures yet. However, there are some flakey
>> tests and I'm not very sure if my backporting introduced that flakiness or
>> not (the logs don't seem to indicate that), since some of those tests
>> failed even before my backporting. I'm planning to run the tests a bit
>> more to see if any reproducible failures are encountered. If all well, then
>> I'm planning to start the release process tomorrow. If there are more fixes
>> that should be backported, please let me know. Also, if someone can review
>> the branch for the backported fixes, would be very welcome.
>>
>> Thanks,
>> Ishan
>>
>> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
>> ichattopadhyaya@gmail.com> wrote:
>>
>>> > But I think that means we need to backport ALL known CVE issues that
>>> affects 6.x, is that your plan?
>>> That's a good point. Wasn't originally my plan, but I can port as many
>>> CVEs that I reasonably can. :-)
>>>
>>> I'm also now wondering if upgrading Tika and others in a bugfix release
>>> is a good idea. My thought is that if a user is stuck with 6x, these CVE
>>> fixes will help a lot. Hence, it makes sense to me to try to upgrade these
>>> components.
>>>
>>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
>>> wrote:
>>>
>>>> Ok for me. But I think that means we need to backport ALL known CVE
>>>> issues that affects 6.x, is that your plan?
>>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>>>
>>>> --
>>>> Jan Høydahl, search solution architect
>>>> Cominvent AS - www.cominvent.com
>>>>
>>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>>>> ichattopadhyaya@gmail.com>:
>>>>
>>>> Hi,
>>>> There is a severe memory leak bug,
>>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it
>>>> to the 6x branch at the time of its resolution.
>>>>
>>>> I propose a 6.6.6 release with that fix (and any others that might be
>>>> low hanging, high severity issues). I am volunteering to be the RM for this.
>>>> Please let me know if there are any thoughts or objections.
>>>> Regards,
>>>> Ishan
>>>>
>>>> Disclaimer: I am primarily interested in this release upon the request
>>>> of one of my clients who are impacted by this bug, and I'm proposing to do
>>>> this release on their request.
>>>>
>>>>
>>>>

Re: 6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

> Is it documented somewhere how to set up a Jenkins config to run
Lucene/Solr tests?  We have no Jenkinsfile.
Not sure, but I just had a simple build step as follows in the Jenkins
configuration:

ant ivy-bootstrap; cd solr/core; ant -Dtests.jvms=8 test

I remember Steve having a very good script that he runs on his Jenkins. I
think we should have that and a Jenkinsfile in the repository. (Maybe even
Mark's best ever beasting script should also make it into the repository?)

On Tue, Mar 26, 2019 at 6:04 PM David Smiley <da...@gmail.com>
wrote:

> Is it documented somewhere how to set up a Jenkins config to run
> Lucene/Solr tests?  We have no Jenkinsfile.
>
> ~ David Smiley
> Apache Lucene/Solr Search Developer
> http://www.linkedin.com/in/davidwsmiley
>
>
> On Tue, Mar 26, 2019 at 6:13 AM Ishan Chattopadhyaya <
> ichattopadhyaya@gmail.com> wrote:
>
>> I've setup a Jenkins for branch 6.6,
>> http://threadripper.dnsabr.com:8080/job/Solr_6_6/
>>
>> On Tue 26 Mar, 2019, 10:14 AM Tomás Fernández Löbbe, <
>> tomasflobbe@gmail.com> wrote:
>>
>>> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
>>> too.
>>>
>>> On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya <
>>> ichattopadhyaya@gmail.com> wrote:
>>>
>>>> Hi,
>>>> I have backported the following:
>>>> SOLR-10506 (Memory leak)
>>>> SOLR-12770 ("shards" security fix)
>>>> SOLR-12514 (Authorization plugin skipped on nodes where collection not
>>>> present)
>>>>
>>>> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335
>>>> (upgrade to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm
>>>> not attempting to upgrade it further (to 1.19 or later, for example).
>>>>
>>>> After backporting SOLR-12770 I am running the tests, and I've not
>>>> encountered any reproducible failures yet. However, there are some flakey
>>>> tests and I'm not very sure if my backporting introduced that flakiness or
>>>> not (the logs don't seem to indicate that), since some of those tests
>>>> failed even before my backporting. I'm planning to run the tests a bit
>>>> more to see if any reproducible failures are encountered. If all well, then
>>>> I'm planning to start the release process tomorrow. If there are more fixes
>>>> that should be backported, please let me know. Also, if someone can review
>>>> the branch for the backported fixes, would be very welcome.
>>>>
>>>> Thanks,
>>>> Ishan
>>>>
>>>> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
>>>> ichattopadhyaya@gmail.com> wrote:
>>>>
>>>>> > But I think that means we need to backport ALL known CVE issues that
>>>>> affects 6.x, is that your plan?
>>>>> That's a good point. Wasn't originally my plan, but I can port as many
>>>>> CVEs that I reasonably can. :-)
>>>>>
>>>>> I'm also now wondering if upgrading Tika and others in a bugfix
>>>>> release is a good idea. My thought is that if a user is stuck with 6x,
>>>>> these CVE fixes will help a lot. Hence, it makes sense to me to try to
>>>>> upgrade these components.
>>>>>
>>>>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
>>>>> wrote:
>>>>>
>>>>>> Ok for me. But I think that means we need to backport ALL known CVE
>>>>>> issues that affects 6.x, is that your plan?
>>>>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>>>>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>>>>>
>>>>>> --
>>>>>> Jan Høydahl, search solution architect
>>>>>> Cominvent AS - www.cominvent.com
>>>>>>
>>>>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>>>>>> ichattopadhyaya@gmail.com>:
>>>>>>
>>>>>> Hi,
>>>>>> There is a severe memory leak bug,
>>>>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make
>>>>>> it to the 6x branch at the time of its resolution.
>>>>>>
>>>>>> I propose a 6.6.6 release with that fix (and any others that might be
>>>>>> low hanging, high severity issues). I am volunteering to be the RM for this.
>>>>>> Please let me know if there are any thoughts or objections.
>>>>>> Regards,
>>>>>> Ishan
>>>>>>
>>>>>> Disclaimer: I am primarily interested in this release upon the
>>>>>> request of one of my clients who are impacted by this bug, and I'm
>>>>>> proposing to do this release on their request.
>>>>>>
>>>>>>
>>>>>>

Re: 6.6.6 Release

[David Smiley <da...@gmail.com>]

Is it documented somewhere how to set up a Jenkins config to run
Lucene/Solr tests?  We have no Jenkinsfile.

~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley


On Tue, Mar 26, 2019 at 6:13 AM Ishan Chattopadhyaya <
ichattopadhyaya@gmail.com> wrote:

> I've setup a Jenkins for branch 6.6,
> http://threadripper.dnsabr.com:8080/job/Solr_6_6/
>
> On Tue 26 Mar, 2019, 10:14 AM Tomás Fernández Löbbe, <
> tomasflobbe@gmail.com> wrote:
>
>> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
>> too.
>>
>> On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya <
>> ichattopadhyaya@gmail.com> wrote:
>>
>>> Hi,
>>> I have backported the following:
>>> SOLR-10506 (Memory leak)
>>> SOLR-12770 ("shards" security fix)
>>> SOLR-12514 (Authorization plugin skipped on nodes where collection not
>>> present)
>>>
>>> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335
>>> (upgrade to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm
>>> not attempting to upgrade it further (to 1.19 or later, for example).
>>>
>>> After backporting SOLR-12770 I am running the tests, and I've not
>>> encountered any reproducible failures yet. However, there are some flakey
>>> tests and I'm not very sure if my backporting introduced that flakiness or
>>> not (the logs don't seem to indicate that), since some of those tests
>>> failed even before my backporting. I'm planning to run the tests a bit
>>> more to see if any reproducible failures are encountered. If all well, then
>>> I'm planning to start the release process tomorrow. If there are more fixes
>>> that should be backported, please let me know. Also, if someone can review
>>> the branch for the backported fixes, would be very welcome.
>>>
>>> Thanks,
>>> Ishan
>>>
>>> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
>>> ichattopadhyaya@gmail.com> wrote:
>>>
>>>> > But I think that means we need to backport ALL known CVE issues that
>>>> affects 6.x, is that your plan?
>>>> That's a good point. Wasn't originally my plan, but I can port as many
>>>> CVEs that I reasonably can. :-)
>>>>
>>>> I'm also now wondering if upgrading Tika and others in a bugfix release
>>>> is a good idea. My thought is that if a user is stuck with 6x, these CVE
>>>> fixes will help a lot. Hence, it makes sense to me to try to upgrade these
>>>> components.
>>>>
>>>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
>>>> wrote:
>>>>
>>>>> Ok for me. But I think that means we need to backport ALL known CVE
>>>>> issues that affects 6.x, is that your plan?
>>>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>>>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>>>>
>>>>> --
>>>>> Jan Høydahl, search solution architect
>>>>> Cominvent AS - www.cominvent.com
>>>>>
>>>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>>>>> ichattopadhyaya@gmail.com>:
>>>>>
>>>>> Hi,
>>>>> There is a severe memory leak bug,
>>>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it
>>>>> to the 6x branch at the time of its resolution.
>>>>>
>>>>> I propose a 6.6.6 release with that fix (and any others that might be
>>>>> low hanging, high severity issues). I am volunteering to be the RM for this.
>>>>> Please let me know if there are any thoughts or objections.
>>>>> Regards,
>>>>> Ishan
>>>>>
>>>>> Disclaimer: I am primarily interested in this release upon the request
>>>>> of one of my clients who are impacted by this bug, and I'm proposing to do
>>>>> this release on their request.
>>>>>
>>>>>
>>>>>

Re: 6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

I've setup a Jenkins for branch 6.6,
http://threadripper.dnsabr.com:8080/job/Solr_6_6/

On Tue 26 Mar, 2019, 10:14 AM Tomás Fernández Löbbe, <to...@gmail.com>
wrote:

> Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
> too.
>
> On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya <
> ichattopadhyaya@gmail.com> wrote:
>
>> Hi,
>> I have backported the following:
>> SOLR-10506 (Memory leak)
>> SOLR-12770 ("shards" security fix)
>> SOLR-12514 (Authorization plugin skipped on nodes where collection not
>> present)
>>
>> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335
>> (upgrade to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm
>> not attempting to upgrade it further (to 1.19 or later, for example).
>>
>> After backporting SOLR-12770 I am running the tests, and I've not
>> encountered any reproducible failures yet. However, there are some flakey
>> tests and I'm not very sure if my backporting introduced that flakiness or
>> not (the logs don't seem to indicate that), since some of those tests
>> failed even before my backporting. I'm planning to run the tests a bit
>> more to see if any reproducible failures are encountered. If all well, then
>> I'm planning to start the release process tomorrow. If there are more fixes
>> that should be backported, please let me know. Also, if someone can review
>> the branch for the backported fixes, would be very welcome.
>>
>> Thanks,
>> Ishan
>>
>> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
>> ichattopadhyaya@gmail.com> wrote:
>>
>>> > But I think that means we need to backport ALL known CVE issues that
>>> affects 6.x, is that your plan?
>>> That's a good point. Wasn't originally my plan, but I can port as many
>>> CVEs that I reasonably can. :-)
>>>
>>> I'm also now wondering if upgrading Tika and others in a bugfix release
>>> is a good idea. My thought is that if a user is stuck with 6x, these CVE
>>> fixes will help a lot. Hence, it makes sense to me to try to upgrade these
>>> components.
>>>
>>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
>>> wrote:
>>>
>>>> Ok for me. But I think that means we need to backport ALL known CVE
>>>> issues that affects 6.x, is that your plan?
>>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>>>
>>>> --
>>>> Jan Høydahl, search solution architect
>>>> Cominvent AS - www.cominvent.com
>>>>
>>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>>>> ichattopadhyaya@gmail.com>:
>>>>
>>>> Hi,
>>>> There is a severe memory leak bug,
>>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it
>>>> to the 6x branch at the time of its resolution.
>>>>
>>>> I propose a 6.6.6 release with that fix (and any others that might be
>>>> low hanging, high severity issues). I am volunteering to be the RM for this.
>>>> Please let me know if there are any thoughts or objections.
>>>> Regards,
>>>> Ishan
>>>>
>>>> Disclaimer: I am primarily interested in this release upon the request
>>>> of one of my clients who are impacted by this bug, and I'm proposing to do
>>>> this release on their request.
>>>>
>>>>
>>>>

Re: 6.6.6 Release

[Tomás Fernández Löbbe <to...@gmail.com>]

Thanks for working on this Ishan, I'll commit SOLR-13301 into the branch
too.

On Mon, Mar 25, 2019 at 12:13 AM Ishan Chattopadhyaya <
ichattopadhyaya@gmail.com> wrote:

> Hi,
> I have backported the following:
> SOLR-10506 (Memory leak)
> SOLR-12770 ("shards" security fix)
> SOLR-12514 (Authorization plugin skipped on nodes where collection not
> present)
>
> I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335 (upgrade
> to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm not
> attempting to upgrade it further (to 1.19 or later, for example).
>
> After backporting SOLR-12770 I am running the tests, and I've not
> encountered any reproducible failures yet. However, there are some flakey
> tests and I'm not very sure if my backporting introduced that flakiness or
> not (the logs don't seem to indicate that), since some of those tests
> failed even before my backporting. I'm planning to run the tests a bit
> more to see if any reproducible failures are encountered. If all well, then
> I'm planning to start the release process tomorrow. If there are more fixes
> that should be backported, please let me know. Also, if someone can review
> the branch for the backported fixes, would be very welcome.
>
> Thanks,
> Ishan
>
> On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
> ichattopadhyaya@gmail.com> wrote:
>
>> > But I think that means we need to backport ALL known CVE issues that
>> affects 6.x, is that your plan?
>> That's a good point. Wasn't originally my plan, but I can port as many
>> CVEs that I reasonably can. :-)
>>
>> I'm also now wondering if upgrading Tika and others in a bugfix release
>> is a good idea. My thought is that if a user is stuck with 6x, these CVE
>> fixes will help a lot. Hence, it makes sense to me to try to upgrade these
>> components.
>>
>> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
>> wrote:
>>
>>> Ok for me. But I think that means we need to backport ALL known CVE
>>> issues that affects 6.x, is that your plan?
>>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>>
>>> --
>>> Jan Høydahl, search solution architect
>>> Cominvent AS - www.cominvent.com
>>>
>>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>>> ichattopadhyaya@gmail.com>:
>>>
>>> Hi,
>>> There is a severe memory leak bug,
>>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it
>>> to the 6x branch at the time of its resolution.
>>>
>>> I propose a 6.6.6 release with that fix (and any others that might be
>>> low hanging, high severity issues). I am volunteering to be the RM for this.
>>> Please let me know if there are any thoughts or objections.
>>> Regards,
>>> Ishan
>>>
>>> Disclaimer: I am primarily interested in this release upon the request
>>> of one of my clients who are impacted by this bug, and I'm proposing to do
>>> this release on their request.
>>>
>>>
>>>

Re: 6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

Hi,
I have backported the following:
SOLR-10506 (Memory leak)
SOLR-12770 ("shards" security fix)
SOLR-12514 (Authorization plugin skipped on nodes where collection not
present)

I can see that Tika version in branch_6_6 is 1.16, and SOLR-10335 (upgrade
to 1.16) already fixes CVE-2016-6809 (SOLR-11486). Hence, I'm not
attempting to upgrade it further (to 1.19 or later, for example).

After backporting SOLR-12770 I am running the tests, and I've not
encountered any reproducible failures yet. However, there are some flakey
tests and I'm not very sure if my backporting introduced that flakiness or
not (the logs don't seem to indicate that), since some of those tests
failed even before my backporting. I'm planning to run the tests a bit more
to see if any reproducible failures are encountered. If all well, then I'm
planning to start the release process tomorrow. If there are more fixes
that should be backported, please let me know. Also, if someone can review
the branch for the backported fixes, would be very welcome.

Thanks,
Ishan

On Mon, Mar 18, 2019 at 1:06 PM Ishan Chattopadhyaya <
ichattopadhyaya@gmail.com> wrote:

> > But I think that means we need to backport ALL known CVE issues that
> affects 6.x, is that your plan?
> That's a good point. Wasn't originally my plan, but I can port as many
> CVEs that I reasonably can. :-)
>
> I'm also now wondering if upgrading Tika and others in a bugfix release is
> a good idea. My thought is that if a user is stuck with 6x, these CVE fixes
> will help a lot. Hence, it makes sense to me to try to upgrade these
> components.
>
> On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com>
> wrote:
>
>> Ok for me. But I think that means we need to backport ALL known CVE
>> issues that affects 6.x, is that your plan?
>> I'm not sure if we are also expected (by ASF) to upgrade dependencies
>> with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
>> ichattopadhyaya@gmail.com>:
>>
>> Hi,
>> There is a severe memory leak bug,
>> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it to
>> the 6x branch at the time of its resolution.
>>
>> I propose a 6.6.6 release with that fix (and any others that might be low
>> hanging, high severity issues). I am volunteering to be the RM for this.
>> Please let me know if there are any thoughts or objections.
>> Regards,
>> Ishan
>>
>> Disclaimer: I am primarily interested in this release upon the request of
>> one of my clients who are impacted by this bug, and I'm proposing to do
>> this release on their request.
>>
>>
>>

Re: 6.6.6 Release

[Ishan Chattopadhyaya <ic...@gmail.com>]

> But I think that means we need to backport ALL known CVE issues that
affects 6.x, is that your plan?
That's a good point. Wasn't originally my plan, but I can port as many CVEs
that I reasonably can. :-)

I'm also now wondering if upgrading Tika and others in a bugfix release is
a good idea. My thought is that if a user is stuck with 6x, these CVE fixes
will help a lot. Hence, it makes sense to me to try to upgrade these
components.

On Mon, Mar 18, 2019 at 12:49 PM Jan Høydahl <ja...@cominvent.com> wrote:

> Ok for me. But I think that means we need to backport ALL known CVE issues
> that affects 6.x, is that your plan?
> I'm not sure if we are also expected (by ASF) to upgrade dependencies with
> known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <
> ichattopadhyaya@gmail.com>:
>
> Hi,
> There is a severe memory leak bug,
> https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it to
> the 6x branch at the time of its resolution.
>
> I propose a 6.6.6 release with that fix (and any others that might be low
> hanging, high severity issues). I am volunteering to be the RM for this.
> Please let me know if there are any thoughts or objections.
> Regards,
> Ishan
>
> Disclaimer: I am primarily interested in this release upon the request of
> one of my clients who are impacted by this bug, and I'm proposing to do
> this release on their request.
>
>
>

Re: 6.6.6 Release

[Noble Paul <no...@gmail.com>]

As long as you are OK to be the RM it should be OK.
+1

On Mon, Mar 18, 2019 at 6:19 PM Jan Høydahl <ja...@cominvent.com> wrote:
>
> Ok for me. But I think that means we need to backport ALL known CVE issues that affects 6.x, is that your plan?
> I'm not sure if we are also expected (by ASF) to upgrade dependencies with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <ic...@gmail.com>:
>
> Hi,
> There is a severe memory leak bug, https://issues.apache.org/jira/browse/SOLR-10506, that didn't make it to the 6x branch at the time of its resolution.
>
> I propose a 6.6.6 release with that fix (and any others that might be low hanging, high severity issues). I am volunteering to be the RM for this.
> Please let me know if there are any thoughts or objections.
> Regards,
> Ishan
>
> Disclaimer: I am primarily interested in this release upon the request of one of my clients who are impacted by this bug, and I'm proposing to do this release on their request.
>
>


-- 
-----------------------------------------------------
Noble Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: 6.6.6 Release

[Jan Høydahl <ja...@cominvent.com>]

Ok for me. But I think that means we need to backport ALL known CVE issues that affects 6.x, is that your plan?
I'm not sure if we are also expected (by ASF) to upgrade dependencies with known vulnerabilities, e.g. Tika, commons-xxx etc, do you know?

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 18. mar. 2019 kl. 08:08 skrev Ishan Chattopadhyaya <ic...@gmail.com>:
> 
> Hi,
> There is a severe memory leak bug, https://issues.apache.org/jira/browse/SOLR-10506 <https://issues.apache.org/jira/browse/SOLR-10506>, that didn't make it to the 6x branch at the time of its resolution.
> 
> I propose a 6.6.6 release with that fix (and any others that might be low hanging, high severity issues). I am volunteering to be the RM for this.
> Please let me know if there are any thoughts or objections.
> Regards,
> Ishan
> 
> Disclaimer: I am primarily interested in this release upon the request of one of my clients who are impacted by this bug, and I'm proposing to do this release on their request.