Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release v3.4 patch releases discussion #11851

Open
terrytangyuan opened this issue Sep 20, 2023 · 68 comments
Open

Release v3.4 patch releases discussion #11851

terrytangyuan opened this issue Sep 20, 2023 · 68 comments
Labels
type/feature Feature request

Comments

@terrytangyuan
Copy link
Member

terrytangyuan commented Sep 20, 2023

This issue tracks commits for v3.4 patch releases.

@agilgur5
Copy link
Contributor

Do we want to cherry-pick in my UI date filter fixes? i.e. #11742, #11792, #11840

If so, I think I'd want to make another PR to remove the date filter default from the upgrade notes modal (as #11840 removes the default)

@terrytangyuan
Copy link
Member Author

Sure I think we'll include all fixes if there's no conflict.

@terrytangyuan
Copy link
Member Author

We need to include #11971 to unblock the build.

@terrytangyuan
Copy link
Member Author

@juliev0 and @sarabala1979 suggests including #11774

@terrytangyuan
Copy link
Member Author

terrytangyuan commented Oct 10, 2023

We are targeting end of next week for this. Please comment if you’d like to prioritize any other fixes.

@agilgur5
Copy link
Contributor

agilgur5 commented Oct 10, 2023

Sure I think we'll include all fixes if there's no conflict.

Ok, I added #11982 on top of those since they'll be included in a 3.4.x release then (the upgrade note in the modal is only for 3.4)

@juliev0 and @sarabala1979 suggests including #11774

isn't that a feature though?

@terrytangyuan
Copy link
Member Author

From @juliev0:

Without it, users in a cluster with too many sso groups can't log in to Argo Server.

So we could consider that a fix.

@terrytangyuan
Copy link
Member Author

Security fix #11986

@terrytangyuan
Copy link
Member Author

#11993

@terrytangyuan
Copy link
Member Author

@terrytangyuan
Copy link
Member Author

@terrytangyuan
Copy link
Member Author

Released

@terrytangyuan terrytangyuan unpinned this issue Oct 20, 2023
@terrytangyuan terrytangyuan reopened this Oct 31, 2023
@terrytangyuan terrytangyuan changed the title Release v3.4.12 cherry-pick candidates Release v3.4 patch releases discussion Oct 31, 2023
@terrytangyuan terrytangyuan pinned this issue Oct 31, 2023
@terrytangyuan
Copy link
Member Author

Reusing this issue to track any potential bug fixes for future v3.4 patch releases.

@terrytangyuan
Copy link
Member Author

From @juliev0, 75bd0b8

@terrytangyuan
Copy link
Member Author

Security fix #12111

@terrytangyuan
Copy link
Member Author

terrytangyuan commented Nov 3, 2023

@terrytangyuan
Copy link
Member Author

TODOs:

@agilgur5
Copy link
Contributor

agilgur5 commented Nov 9, 2023

#12172 specifically for the 3.4.x patch series

@agilgur5
Copy link
Contributor

agilgur5 commented Feb 8, 2024

#12622 is a workaround for a (very impactful) k8s 1.27 issue (#11657)

@agilgur5
Copy link
Contributor

#12652 adds some missing docs that are still relevant to release-3.4

@agilgur5
Copy link
Contributor

If it applies neatly, #12666 fixes a warning and performance issue

@agilgur5
Copy link
Contributor

#12609 fixes a regression dating back to 3.3, so would be good to get into 3.5.x and 3.4.x
#12581 is a docs clarification that would be helpful to backport

@jackivanov
Copy link

#12622 impact is significant, please release as soon as possible

@agilgur5
Copy link
Contributor

#12683 fixes a regression from 3.4.7+

@isubasinghe
Copy link
Member

Sorry for the delay, this took a bit more time than I thought, I was a bit sick last week so couldn't finish it. I've only just finished merging everything in.

Please help me check for correctness: https://github.com/isubasinghe/argo-workflows/tree/release-3.4.17

I will go through the commits again and confirm conflicts have been resolved correctly, will release tomorrow night AEDT if everything is okay.

@terrytangyuan
Copy link
Member Author

terrytangyuan commented Mar 14, 2024

Why not using release-3.4 branch? See the first paragraph in https://github.com/argoproj/argo-workflows/blob/main/docs/releasing.md

@isubasinghe
Copy link
Member

I didn't want any of these changes to be considered official until correctness had been verified.

@ishivanshgoel
Copy link

@isubasinghe could you kindly confirm if version 3.4.17 has been released?

@terrytangyuan
Copy link
Member Author

@ishivanshgoel You can find all the releases here: https://github.com/argoproj/argo-workflows/tags

@ishivanshgoel
Copy link

@tachylatus sure, thanks for the reply. But I couldn't find any recent 3.4 updates after 3.4.16 in January.
Is there any plan to release an update with the vulnerability patches?

@Joibel
Copy link
Member

Joibel commented Apr 18, 2024

Can we get #11585 in to this as well? Would you like me to make a PR for a fixed up version of it?

@terrytangyuan
Copy link
Member Author

Can we get #11585 in to this as well? Would you like me to make a PR for a fixed up version of it?

Yes please.

@terrytangyuan
Copy link
Member Author

Is there any plan to release an update with the vulnerability patches?

Yes, we are planning to release one soon.

@tooptoop4
Copy link
Contributor

can #12233 be included?

@terrytangyuan
Copy link
Member Author

https://github.com/argoproj/argo-workflows/releases/tag/v3.4.17

@agilgur5 agilgur5 added this to the v3.4.x patches milestone May 13, 2024
@terrytangyuan
Copy link
Member Author

UI security fix: #13069

@agilgur5
Copy link
Contributor

https://github.com/argoproj/argo-workflows/releases/tag/v3.4.17

@terrytangyuan @isubasinghe It looks like some fixes to 3.5 features landed in 3.4.17, which aren't applicable to 3.4. Please see my detailed comments in #13043 (review)

@agilgur5
Copy link
Contributor

UI security fix: #13069

This would require a very significant amount of effort to backport as I detailed in #13069 (review).
Argo v3.4 is on swagger-ui-react v4 as #12540 was never backported and then there are several React incompatibilities with that PR itself as well.

@terrytangyuan
Copy link
Member Author

#12383 is requested to be cherry-picked by community contributor

@isubasinghe
Copy link
Member

#13553 should also go in 3.4 I think, it fixes an old issue to do with deadlocks

@terrytangyuan
Copy link
Member Author

Need to patch this high vuln security fix #13626

@agilgur5
Copy link
Contributor

agilgur5 commented Sep 19, 2024

Need to patch this high vuln security fix #13626

@terrytangyuan my above comment applies to that as well

@agilgur5
Copy link
Contributor

agilgur5 commented Oct 27, 2024

#13820 fixes a regression in 3.4.8+ per #12848 (comment)

@klayhamn
Copy link

klayhamn commented Nov 4, 2024

Hello, what are the chances of applying this fix:

6abe8a9#diff-24284b831e81f770335038e710187e2feb0c7c3f46148c31fea108516ce1ae59R25

which seems to fix:
#8958
#8783

in 3.4?
my company currently uses 3.4.x and the RC the fix is on (3.6.x) is still a way off

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type/feature Feature request
Projects
None yet
Development

No branches or pull requests