etcd patch release plan

[hexfusion]

etcd 3.5 is ready for a new patch release. We plan on cutting to cut 3.5.1 by end of the week. Please get in any patches or communicate here if you need more time.

In addition, we are also planning a new release of 3.4.x and 3.3.x.

• v3.4.17
• v3.3.26
• v3.5.1
• v3.4.18
• v3.3.27

cc @gyuho @ptabor @serathius @lilic @hasbro17

[hexfusion]

ref: #13244

[serathius]

I think we should wait with v3.5.1 for cherry-pick #13359
This is a fix for etcdctl that sends invalid authority header in v3.5.0, this causes etcd not work all all if there is a proxy/loadbalancer before etcd instance that validates authority field.

[serathius]

There is also an issue of zombie members #13196
I have implemented a workaround #13348 that allows users to remove/fix zombie members, but we didn't implement a proper fix. @ptabor proposed to fix zombie members during wal snapshot, so a proper fix might be to force a wal snaphost during server bootstrap, but implementing and testing this would be non trivial.

I think we should discuss if current fix is enough or we need more time to implement proper one. I think that major problem with current fix is bad user experience. If user cluster is affected and after they upgrade to v3.5 they will see zombie members (members that were previously removed). With the current fix they should be able to remove them themselves, but we might see increased number of issues people asking about this for a long time (as it will take a long time for people to adopt v3.5)

[hexfusion]

This makes sense to me thanks @serathius. I am going to raise an internal issue on this so we can get some more cycles to assist you in reviews.

[ptabor]

I think both issues are pretty serious, so we should release v3.5.1 as soon as we have reasonable mitigations.
Postponing automated membership fixing process to v3.5.2 SGTM.

[serathius]

Both fixes planned for v3.5.1 got merged into release-3.5 branch

• Cherry pick "Fix http2 authority header in single endpoint scenario" to release-3.5 #13375
• Fix for v3.5 Ensure that cluster members stored in v2store and backend are in sync #13348

[hexfusion]

Thanks team PTAL at #13376 which closes up a few CVE's was hoping to include this in the bump.

[hexfusion]

3.5.1 release is delayed ppc64le/debian:bullseye-20210927 tag is missing from registry I have engaged maintainers for help. Once resolved I will cut the release.

ref: https://dockercommunity.slack.com/archives/C7GKACWDV/p1633277275351000

[hexfusion]

New versions just cut

• v3.4.17
• v3.3.26

[hexfusion]

Once the above is resolved I will cut a new version with an updated base image for release-3.4 and release-3.3

[hexfusion]

3.5.1 release is delayed ppc64le/debian:bullseye-20210927 tag is missing from registry I have engaged maintainers for help. Once resolved I will cut the release.

ref: https://dockercommunity.slack.com/archives/C7GKACWDV/p1633277275351000

This issue has been resolved I will attempt new releases this week.

[relyt0925]

Thank you for doing this!!!!!! This is very helpful for teams under compliance requirements for fixed downstream images with CVEs.

[super1t]

so?today can release a new tag?

[hexfusion]

Yes release will happen today

[hexfusion]

v3.5.1
v3.4.18
v3.3.27

were released today changelog and announcements are pending.

[ptabor]

Thank you, Sam !