Hi Mickael, I built image for 4.2.1-rc0 and found three CVE. Do we also want to add this to 4.3.0?
Failed Docker Build Test CI: JVM: https://github.com/apache/kafka/actions/runs/24325917628/job/71021064066 Native: https://github.com/apache/kafka/actions/runs/24333619117/job/71044984045 JVM image: https://issues.apache.org/jira/browse/KAFKA-20373 Native image: https://issues.apache.org/jira/browse/KAFKA-20446 https://issues.apache.org/jira/browse/KAFKA-20447 Thanks, PoAn > On Apr 13, 2026, at 10:30 PM, Mickael Maison <[email protected]> wrote: > > Hi PoAn, > > Yes having these changes in 4.3 would be useful. > > Thanks, > Mickael > > On Mon, Apr 13, 2026 at 1:52 PM PoAn Yang <[email protected]> wrote: >> >> Hi Mickael, >> >> I have some PRs related to trivy action and release.py. Can I backport them >> to 4.3 branch? >> >> 1. Change trivy action to approved one in apache/infrastructure-actions. >> >> https://github.com/apache/kafka/commit/eb6ce0e3d9c22ea1c34ecca293555f9fcad17981 >> https://github.com/apache/kafka/commit/acd37fc30c5fdbbae772144c73b4f2c7e1c21d27 >> >> 2. Update release.py to remove -SNAPSHOT in version.py, so we don’t get >> error in StreamsUpgradeTest.test_app_upgrade e2e. >> >> https://github.com/apache/kafka/pull/22031 >> >> Thanks, >> PoAn >> >>> On Apr 11, 2026, at 10:55 PM, Lianet Magrans <[email protected]> wrote: >>> >>> Hi Mickael, >>> >>> I just merged the fix for the recent blocker >>> https://issues.apache.org/jira/browse/KAFKA-20428 >>> >>> Thanks! >>> Lianet >>> >>> On Fri, Apr 10, 2026 at 7:07 PM Matthias J. Sax <[email protected]> wrote: >>> >>>> Thanks. PR got merged. >>>> >>>> >>>> -Matthias >>>> >>>> On 4/10/26 12:32 PM, Mickael Maison wrote: >>>>> Hi Matthias, >>>>> >>>>> Yes let's revert that commit. >>>>> >>>>> Thanks, >>>>> Mickael >>>>> >>>>> On Fri, Apr 10, 2026 at 8:43 PM Matthias J. Sax <[email protected]> >>>> wrote: >>>>>> >>>>>> Hey Mickael, >>>>>> >>>>>> I just realized that we did merge a PR to trunk (before 4.3 branch cut) >>>>>> to add a new config for KIP-1071, but we are still not using this >>>>>> config. To avoid confusing users, I propose to revert this change in >>>>>> 4.3. Prepared a PR for its. Please let me know if that's ok to merge. >>>>>> >>>>>> https://github.com/apache/kafka/pull/22020 >>>>>> >>>>>> >>>>>> -Matthias >>>>>> >>>>>> >>>>>> On 3/30/26 11:22 AM, Justine Olshan via dev wrote: >>>>>>> I'll be picking a small bugfix to 4.3 -- KAFKA-20310, just missed the >>>>>>> branch cut and it's a bugfix. >>>>>>> >>>>>>> On Mon, Mar 30, 2026 at 9:58 AM Matthias J. Sax <[email protected]> >>>> wrote: >>>>>>> >>>>>>>> I took the liberty to update the release wiki page, adding KIP-1271 as >>>>>>>> "completed" -- it was incorrectly listed as postponed. >>>>>>>> >>>>>>>> The Jira ticket is still open, as we add more test etc, but the KIP is >>>>>>>> already completed. >>>>>>>> >>>>>>>> >>>>>>>> -Matthias >>>>>>>> >>>>>>>> On 3/30/26 9:25 AM, Mickael Maison wrote: >>>>>>>>> Hi Jose, >>>>>>>>> >>>>>>>>> Yes you can apply that to 4.3. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Mickael >>>>>>>>> >>>>>>>>> On Mon, Mar 30, 2026 at 6:08 PM José Armando García Sancio via dev >>>>>>>>> <[email protected]> wrote: >>>>>>>>>> >>>>>>>>>> Hi Mickael, >>>>>>>>>> >>>>>>>>>> I merged KAFKA-19541 to the 4.3 branch as discussed earlier. >>>>>>>>>> >>>>>>>>>> I also just merged a bug fix (1) to trunk for the issue KAFKA-19851 >>>>>>>>>> (2) introduced in the 4.0 release. Some users have encountered this >>>>>>>>>> issue. The workaround is to delete all configurations removed by AK >>>>>>>>>> 4.0. It would be nice to make this fix available in the 4.3 release. >>>>>>>>>> What do you think? >>>>>>>>>> >>>>>>>>>> (1) >>>>>>>> >>>> https://github.com/apache/kafka/commit/a35d6492fbf8068cdb025419178434cbae3a991b >>>>>>>>>> (2) https://issues.apache.org/jira/browse/KAFKA-19851 >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> -- >>>>>>>>>> -José >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>> >>>> >>
