Comments (13)
We may want to hold the release after 7/2, as according to SIG-release's email
There is a Go update being released on 07/02
I do see some outstanding changes in the Go Release Dashboard. But I don't know how to check when the version will be released, and I'm not sure if it will come with another vulnerability fix.
from etcd.
After a sweep of fixes merged in the main branch after 3.5.14, I found these two potential backports:
Do we want to backport any of these?
I would appreciate another pair of eyes to do another pass.
I also volunteer to be a shadow for this release :)
from etcd.
@spzala or @wenjiaswe did either of you want to lead this release? If not I am happy to volunteer as release lead.
Do we want to backport any of these?
Will do some review soon, we also need to take a close look at recent bug reports and see if anything needs to be included: https://github.com/etcd-io/etcd/issues?q=is%3Aissue+label%3Atype%2Fbug+created%3A%3E%3D2024-04-30
from etcd.
@jmhbnz Yes, I am happy to do the release. It's a short week in US, maybe I can do it next week?
from etcd.
@jmhbnz Yes, I am happy to do the release. It's a short week in US, maybe I can do it next week?
SGTM - So release team will be:
Github handle | Role |
---|---|
@jmhbnz | Release advisor |
@wenjiaswe | Release lead |
@ivanvc | Release shadow |
/assign @wenjiaswe, @ivanvc, @jmhbnz
from etcd.
@ivanvc @jmhbnz I will discuss with you two on chat. If anyone else interested in shadowing, please ping me in slack: wenjiaswe
from etcd.
Would you guys be available Monday, July 8th, at 11 a.m. PT? I'll be out next week starting Tuesday, so I won't be available if you want to schedule it for later that day, which is fine by me, we could see if someone else wants to shadow :)
from etcd.
@jmhbnz, after updating Go to address vulnerabilities (#18269), I think we now can release 3.4.34, right?
from etcd.
@jmhbnz, after updating Go to address vulnerabilities (#18269), I think we now can release 3.4.34, right?
What is the CVE score? NIST don't list it yet https://nvd.nist.gov/vuln/detail/CVE-2024-24791. Our patch release criteria is 7.5 https://github.com/etcd-io/etcd/blob/main/Documentation/contributor-guide/release.md#patch-release-criteria but I'm not opposed to start organising 3.4.34
anyway once this release is done.
from etcd.
What is the CVE score? NIST don't list it yet https://nvd.nist.gov/vuln/detail/CVE-2024-24791. Our patch release criteria is 7.5
That's a good point. I think there's no rush, and ultimately, there are no other outstanding changes for 3.4 other than the Go update.
from etcd.
Will do some review soon, we also need to take a close look at recent bug reports and see if anything needs to be included: https://github.com/etcd-io/etcd/issues?q=is%3Aissue+label%3Atype%2Fbug+created%3A%3E%3D2024-04-30
I reviewed these and couldn't find anything that caught my eye.
Do we want to backport any of #18247 (comment)?
from etcd.
I reviewed these and couldn't find anything that caught my eye. Do we want to backport any of #18247 (comment)?
Have raised backport proposals for both:
from etcd.
Are we still expecting the 3.5.15 release this week? Thanks.
from etcd.
Related Issues (20)
- Implement a check to validate that dependency versions match across submodules HOT 10
- Allow revision filters on delete ops
- robustness: reduce concurrency for HighTraffic scenario HOT 10
- Handle EOF on grpc-proxy watch method HOT 1
- grpc-proxy stops sending watch events HOT 1
- Reduce log spam on missing member HOT 3
- etcd leader info status wrong HOT 2
- Failpoint `raftAfterSave=sleep(1s)` is flaking in robustness test HOT 3
- Enabling authentication causes noisy logs for every /readyz call HOT 9
- Filtering GET request via With{Min,Max}{Create,Mod}Rev has wrong result Count
- Bump go to 1.21.12 / 1.22.5 HOT 9
- [robustness tests] Flakiness due to Progress notify does not match for beforeSendWatchResponse=sleep(1s)
- Failure to get list of machines HOT 2
- Code that relies on gRPC metadata formatting should be fixed HOT 11
- Bootstraping etcd using DNS in a DHCP network
- etcd cluster error HOT 1
- dial-timeout option does not take effect on the watch command. HOT 1
- HashKV should compute the hash of all MVCC keys up to a given revision HOT 1
- Completion command is not included in releases of etcdctl HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from etcd.