Hello everyone,

these winter holidays we got a present in the form of Log4Shell, which affects pretty much all artifacts we have ever released.

As per our release lifecycle rules, this means that:

- all release trains up to and including Aluminium are past their End of Life and will not be receiving a community-driven release

- Silicon is currently in its Security Support period past its last scheduled Service Release, hence will receive an unscheduled security-driven SR4 in near future

- Phosphorus is currently in its normal support period, hence will have this (and other) issues resolved in the upcoming run-of-the-mill SR2

- Sulfur release train currently mirrors Phosphorus in the parts which are affected, it will be updated at the same time and Sulfur GA will be on par with Phosphorus SR2

Regards,
Robert

On 20/01/2022 08:26, Daniel de la Rosa wrote:

Hello Robert

Hey Daniel,

On Mon, Jan 10, 2022 at 5:42 AM Robert Varga <nite@... <mailto:nite@...>> wrote:
Hello everyone,
these winter holidays we got a present in the form of Log4Shell, which
affects pretty much all artifacts we have ever released.
As per our release lifecycle rules, this means that:
- all release trains up to and including Aluminium are past their
End of
Life and will not be receiving a community-driven release
- Silicon is currently in its Security Support period past its last
scheduled Service Release, hence will receive an unscheduled
security-driven SR4 in near future
We can review this in the TSC but I think we can release Silicon SR4 after Phosphorus SR2 and before Sulfur. Thoughts?

Actually, these updates are already pushed out on the branch, i.e. https://jenkins.opendaylight.org/releng/view/autorelease/job/autorelease-release-silicon-mvn35-openjdk11/537/ should be okay to release.

Regards,
Robert

On 20/01/2022 11:30, Robert Varga wrote:

    - Silicon is currently in its Security Support period past its last
    scheduled Service Release, hence will receive an unscheduled
    security-driven SR4 in near future


We can review this in the TSC but I think we can release Silicon SR4 after Phosphorus SR2 and before Sulfur. Thoughts?

Actually, these updates are already pushed out on the branch, i.e. https://jenkins.opendaylight.org/releng/view/autorelease/job/autorelease-release-silicon-mvn35-openjdk11/537/ should be okay to release.

So pretty much everything is actually okay, except BGPCEP, which is showing regressions around TCP-MD5 handling. This is most probably related to netty-4.1.72+ upgrade in OSGi environment.

Regards,
Robert

On 21/01/2022 07:31, Robert Varga wrote:

On 20/01/2022 11:30, Robert Varga wrote:

    - Silicon is currently in its Security Support period past its last
    scheduled Service Release, hence will receive an unscheduled
    security-driven SR4 in near future


We can review this in the TSC but I think we can release Silicon SR4 after Phosphorus SR2 and before Sulfur. Thoughts?

Actually, these updates are already pushed out on the branch, i.e. https://jenkins.opendaylight.org/releng/view/autorelease/job/autorelease-release-silicon-mvn35-openjdk11/537/ should be okay to release.

So pretty much everything is actually okay, except BGPCEP, which is showing regressions around TCP-MD5 handling. This is most probably related to netty-4.1.72+ upgrade in OSGi environment.

https://jira.opendaylight.org/browse/ODLPARENT-279 tracks this. It is also affecting Phosphorus SR2 (but that also has a different problem).

Regards,
Robert

On 27/01/2022 01:30, Daniel de la Rosa wrote:

https://jira.opendaylight.org/browse/ODLPARENT-279
<https://jira.opendaylight.org/browse/ODLPARENT-279> tracks this. It is
also affecting Phosphorus SR2 (but that also has a different problem).
As you mentioned in the other thread, only https://jira.opendaylight.org/browse/MDSAL-718 <https://jira.opendaylight.org/browse/MDSAL-718> is holding both Phosphorus SR2 and Silicon SR4 right?

The other way around:
ODLPARENT-279 held up both, but is cleared now.
MDSAL-718 is holding up Phosphorus SR2 and it's what I am focusing on next.

Regards,
Robert

--