[prev in list] [next in list] [prev in thread] [next in thread] 

List:       activemq-dev
Subject:    Re: [VOTE] Apache ActiveMQ Artemis 2.6.0
From:       Clebert Suconic <clebert.suconic () gmail ! com>
Date:       2018-05-21 13:52:29
Message-ID: CAKF+bsrNPmRZJazJxZGtxvLz9jHrb5Jg-X5aGAJTsuvakEKxcA () mail ! gmail ! com
[Download RAW message or body]

ok.. fair enough... I will finish the release 2.6.0 as is.. and
shortly after I'm sending a HEADS-UP for 2.6.1 in 1 week.

On Mon, May 21, 2018 at 6:29 AM, Robbie Gemmell
<robbie.gemmell@gmail.com> wrote:
> I'd say the same. It is essentially the same amount of work to respin
> as it is to do another release, and it isnt a regression in this
> release, so I'd personally proceed and just use this as reason to do a
> quick 2.6.1 along with any other approriate fixes.
>
> Robbie
>
> On 19 May 2018 at 15:27, Timothy Bish <tabish121@gmail.com> wrote:
>> On 05/18/2018 06:24 PM, Michael André Pearce wrote:
>>>
>>> Hi All,
>>>
>>> On upgrading to 2.5.0 we have found quite a blocking issue to 2.5.0 for
>>> anyone who secures durable queue creation so clients cannot create, but
>>> doesn't secure non-durable.
>>>
>>> https://issues.apache.org/jira/browse/ARTEMIS-1872
>>>
>>> In summary prior to 2.5.0 the security check incorrectly always checked
>>> for security rights for non-durable, even if the queue was a durable, this
>>> was security hole was fixed in 2.5.0, but a knock on effect is it has
>>> highlighted/exposed some logic issues in the CoreClient and also in AMQP and
>>> OpenWire protocol managers, where in some cases a queue is not check for
>>> being present before calling create queue, meaning if user is not allowed to
>>> create a queue, but is allowed to consume, and the queue exists, the client
>>> still cannot consume, as the code tries to create and throws exception.
>>>
>>> We have created a test case that re-creates the issues, and also a
>>> possible solution its in PR here.
>>>
>>> https://github.com/apache/activemq-artemis/pull/2093
>>>
>>> Whilst it is not technically caused by any changes in the just created RC
>>> for 2.6.0 since 2.5.0, i think the severity/impact of this may deem it
>>> worthy to fix, and re-spin.
>>>
>>> Cheers
>>> Mike
>>
>>
>> This seems like a good opportunity to practice turning around a quick 2.6.1
>> release as this is not a blocking issue given it's been in the code for
>> quite some time already.
>>
>>
>>
>>>> On 17 May 2018, at 20:02, Christopher Shannon
>>>> <christopher.l.shannon@gmail.com> wrote:
>>>>
>>>> +1
>>>>
>>>> On Thu, May 17, 2018 at 2:51 PM, Timothy Bish <tabish121@gmail.com>
>>>> wrote:
>>>>
>>>>> On 05/16/2018 10:49 PM, Clebert Suconic wrote:
>>>>>
>>>>>> I would like to propose an Apache ActiveMQ Artemis 2.6.0 release.
>>>>>>
>>>>>> The release notes can be found here:
>>>>>>
>>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?versi
>>>>>> on=12342903&&projectId=12315920
>>>>>>
>>>>>> There is a new commits report I made that I'm introducing on this
>>>>>> release:
>>>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-art
>>>>>> emis/2.6.0/artemis-2.6.0.html
>>>>>>
>>>>>> Source and binary distributions can be found here:
>>>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.6.0
>>>>>>
>>>>>> The Maven repository is here:
>>>>>>
>>>>>> https://repository.apache.org/content/repositories/orgapacheactivemq-1157
>>>>>>
>>>>>> In case you want to give it a try with the maven repo on examples:
>>>>>> http://activemq.apache.org/artemis/docs/latest/hacking-guide
>>>>>> /validating-releases.html
>>>>>>
>>>>>> The source tag:
>>>>>> https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.g
>>>>>> it;a=tag;h=refs/tags/2.6.0
>>>>>>
>>>>>> I will update the website after the vote has passed.
>>>>>>
>>>>>>
>>>>>> [ ] +1 approve the release as Apache Artemis 2.4.0
>>>>>> [ ] +0 no opinion
>>>>>> [ ] -1 disapprove (and reason why)
>>>>>>
>>>>>>
>>>>>> Here's my +1
>>>>>> .
>>>>>>
>>>>>>
>>>>> +1
>>>>>
>>>>> * Validate the signatures and checksums
>>>>> * Review license and notice files in the archives
>>>>> * Build from source and ran some of the tests
>>>>> * Ran binary broker and ran some samples and performance tests against
>>>>> it
>>>>> * Used mvn apache-rat:check to validate license headers in place
>>>>>
>>>>>
>>>>> --
>>>>> Tim Bish
>>>>> twitter: @tabish121
>>>>> blog: http://timbish.blogspot.com/
>>>>>
>>>>>
>>>
>>
>> --
>> Tim Bish
>> twitter: @tabish121
>> blog: http://timbish.blogspot.com/
>>



-- 
Clebert Suconic
[prev in list] [next in list] [prev in thread] [next in thread]