Merge branch 'master' into bundleUnload

.asf.yaml

@@ -87,5 +87,5 @@ notifications:
   commits:      [email protected]
   issues:       [email protected]
   pullrequests: [email protected]
-  discussions:  dev@pulsar.apache.org
+  discussions:  commits@pulsar.apache.org
   jira_options: link label

.github/workflows/pulsar-ci.yaml

@@ -547,13 +547,13 @@ jobs:
         run: |
           # build docker image
           # include building of Pulsar SQL, Connectors, Offloaders and server distros
-          mvn -B -am -pl pulsar-sql/presto-distribution,distribution/io,distribution/offloaders,distribution/server,tests/docker-images/latest-version-image install \
+          mvn -B -am -pl pulsar-sql/presto-distribution,distribution/io,distribution/offloaders,distribution/server,distribution/shell,tests/docker-images/latest-version-image install \
           -Pmain,docker -Dmaven.test.skip=true -Ddocker.squash=true \
           -Dspotbugs.skip=true -Dlicense.skip=true -Dcheckstyle.skip=true -Drat.skip=true
 
       # check full build artifacts licenses
       - name: Check binary licenses
-        run: src/check-binary-license.sh ./distribution/server/target/apache-pulsar-*-bin.tar.gz
+        run: src/check-binary-license.sh ./distribution/server/target/apache-pulsar-*-bin.tar.gz && src/check-binary-license.sh ./distribution/shell/target/apache-pulsar-shell-*-bin.tar.gz
 
       - name: Clean up disk space
         run: |

SECURITY.md

@@ -1,17 +1,3 @@
 # Security Policy
 
-## Security Vulnerability Process
-
-The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
-
-To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [[email protected]](mailto:[email protected]), you can copy your email to [[email protected]](mailto:[email protected]) to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list.
-
-It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [[email protected]](mailto:[email protected]) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
-
-## Security Policy details and supported versions of Apache Pulsar
-
-The security policy and supported versions are outlined on the Pulsar website under [Security > Security Policy and Supported Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/).
-
-## Security Advisories
-
-Please visit the [Security Advisories](https://github.com/apache/pulsar/wiki/Security-advisories) page.
+See also https://pulsar.apache.org/security/.

conf/bookkeeper.conf

@@ -642,10 +642,10 @@ diskCheckInterval=10000
 ## Metadata Service settings
 #############################################################################
 
-# metadata service uri that bookkeeper is used for loading corresponding metadata driver and resolving its metadata service location
+# Metadata service uri that bookkeeper uses for loading the corresponding metadata driver and resolving its metadata service location
 # Examples: 
-#  - metadataServiceUri=metadata-store:zk:my-zk-1:2181
-#  - metadataServiceUri=metadata-store:etcd:http://my-etcd:2379
+#  - metadataServiceUri=zk://my-zk-1:2181/ledgers
+#  - metadataServiceUri=etcd:http://my-etcd:2379
 metadataServiceUri=
 
 # @Deprecated - `ledgerManagerFactoryClass` is deprecated in favor of using `metadataServiceUri`
@@ -670,7 +670,7 @@ metadataServiceUri=
 ## ZooKeeper parameters
 #############################################################################
 
-# @Deprecated - `zkLedgers` is deprecated in favor of using `metadataServiceUri`
+# @Deprecated - `zkServers` is deprecated in favor of using `metadataServiceUri`
 # A list of one of more servers on which Zookeeper is running.
 # The server list can be comma separated values, for example:
 # zkServers=zk1:2181,zk2:2181,zk3:2181

distribution/io/src/assemble/io.xml

@@ -80,5 +80,6 @@
     <file><source>${basedir}/../../pulsar-io/flume/target/pulsar-io-flume-${project.version}.nar</source></file>
     <file><source>${basedir}/../../pulsar-io/solr/target/pulsar-io-solr-${project.version}.nar</source></file>
     <file><source>${basedir}/../../pulsar-io/dynamodb/target/pulsar-io-dynamodb-${project.version}.nar</source></file>
+    <file><source>${basedir}/../../pulsar-io/alluxio/target/pulsar-io-alluxio-${project.version}.nar</source></file>
   </files>
 </assembly>

distribution/server/src/assemble/LICENSE.bin.txt

@@ -492,30 +492,30 @@ The Apache Software License, Version 2.0
 
 BSD 3-clause "New" or "Revised" License
  * Google auth library
-    - com.google.auth-google-auth-library-credentials-1.4.0.jar -- licenses/LICENSE-google-auth-library.txt
-    - com.google.auth-google-auth-library-oauth2-http-1.4.0.jar -- licenses/LICENSE-google-auth-library.txt
- * LevelDB -- (included in org.rocksdb.*.jar) -- licenses/LICENSE-LevelDB.txt
- * JSR305 -- com.google.code.findbugs-jsr305-3.0.2.jar -- licenses/LICENSE-JSR305.txt
- * JLine -- jline-jline-2.14.6.jar -- licenses/LICENSE-JLine.txt
- * JLine3 -- org.jline-jline-3.21.0.jar -- licenses/LICENSE-JLine.txt
+    - com.google.auth-google-auth-library-credentials-1.4.0.jar -- ../licenses/LICENSE-google-auth-library.txt
+    - com.google.auth-google-auth-library-oauth2-http-1.4.0.jar -- ../licenses/LICENSE-google-auth-library.txt
+ * LevelDB -- (included in org.rocksdb.*.jar) -- ../licenses/LICENSE-LevelDB.txt
+ * JSR305 -- com.google.code.findbugs-jsr305-3.0.2.jar -- ../licenses/LICENSE-JSR305.txt
+ * JLine -- jline-jline-2.14.6.jar -- ../licenses/LICENSE-JLine.txt
+ * JLine3 -- org.jline-jline-3.21.0.jar -- ../licenses/LICENSE-JLine.txt
 
 BSD 2-Clause License
- * HdrHistogram -- org.hdrhistogram-HdrHistogram-2.1.9.jar -- licenses/LICENSE-HdrHistogram.txt
+ * HdrHistogram -- org.hdrhistogram-HdrHistogram-2.1.9.jar -- ../licenses/LICENSE-HdrHistogram.txt
 
 MIT License
- * Java SemVer -- com.github.zafarkhaja-java-semver-0.9.0.jar -- licenses/LICENSE-SemVer.txt
- * SLF4J -- licenses/LICENSE-SLF4J.txt
+ * Java SemVer -- com.github.zafarkhaja-java-semver-0.9.0.jar -- ../licenses/LICENSE-SemVer.txt
+ * SLF4J -- ../licenses/LICENSE-SLF4J.txt
     - org.slf4j-slf4j-api-1.7.32.jar
     - org.slf4j-jcl-over-slf4j-1.7.32.jar
  * The Checker Framework
     - org.checkerframework-checker-qual-3.12.0.jar
 
 Protocol Buffers License
  * Protocol Buffers
-   - com.google.protobuf-protobuf-java-3.19.6.jar -- licenses/LICENSE-protobuf.txt
-   - com.google.protobuf-protobuf-java-util-3.19.6.jar -- licenses/LICENSE-protobuf.txt
+   - com.google.protobuf-protobuf-java-3.19.6.jar -- ../licenses/LICENSE-protobuf.txt
+   - com.google.protobuf-protobuf-java-util-3.19.6.jar -- ../licenses/LICENSE-protobuf.txt
 
-CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
+CDDL-1.1 -- ../licenses/LICENSE-CDDL-1.1.txt
  * Java Annotations API
     - javax.annotation-javax.annotation-api-1.3.2.jar
     - com.sun.activation-javax.activation-1.2.0.jar
@@ -541,25 +541,25 @@ CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
     - org.glassfish.jersey.inject-jersey-hk2-2.34.jar
  * Mimepull -- org.jvnet.mimepull-mimepull-1.9.13.jar
 
-Eclipse Distribution License 1.0 -- licenses/LICENSE-EDL-1.0.txt
+Eclipse Distribution License 1.0 -- ../licenses/LICENSE-EDL-1.0.txt
  * Jakarta Activation
     - jakarta.activation-jakarta.activation-api-1.2.2.jar
  * Jakarta XML Binding -- jakarta.xml.bind-jakarta.xml.bind-api-2.3.3.jar
 
-Eclipse Public License - v2.0 -- licenses/LICENSE-EPL-2.0.txt
+Eclipse Public License - v2.0 -- ../licenses/LICENSE-EPL-2.0.txt
  * Jakarta Annotations API -- jakarta.annotation-jakarta.annotation-api-1.3.5.jar
  * Jakarta RESTful Web Services -- jakarta.ws.rs-jakarta.ws.rs-api-2.1.6.jar
  * Jakarta Injection -- org.glassfish.hk2.external-jakarta.inject-2.6.1.jar
 
-Public Domain (CC0) -- licenses/LICENSE-CC0.txt
+Public Domain (CC0) -- ../licenses/LICENSE-CC0.txt
  * Reactive Streams -- org.reactivestreams-reactive-streams-1.0.3.jar
 
 Creative Commons Attribution License
- * Jcip -- licenses/LICENSE-jcip.txt
+ * Jcip -- ../licenses/LICENSE-jcip.txt
     - net.jcip-jcip-annotations-1.0.jar
 
 Bouncy Castle License
- * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
+ * Bouncy Castle -- ../licenses/LICENSE-bouncycastle.txt
     - org.bouncycastle-bcpkix-jdk15on-1.69.jar
     - org.bouncycastle-bcprov-ext-jdk15on-1.69.jar
     - org.bouncycastle-bcprov-jdk15on-1.69.jar
@@ -572,22 +572,22 @@ Additionaly, Netty includes code with the following licenses:
 Contains a modified portion of 'Webbit', an event based WebSocket and HTTP server, which can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-Webbit.txt (BSD License)
+   * ../licenses/LICENSE-Webbit.txt (BSD License)
  * HOMEPAGE:
    * https://github.com/joewalnes/webbit
 
 Contains a modified portion of 'SLF4J', a simple logging facade for Java, which can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-SLF4J.txt (MIT License)
+   * ../licenses/LICENSE-SLF4J.txt (MIT License)
  * HOMEPAGE:
    * http://www.slf4j.org/
 
 Contains a modified portion of 'jbzip2', a Java bzip2 compression and decompression library written
 by Matthew J. Francis. It can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-jbzip2.txt (MIT License)
+   * ../licenses/LICENSE-jbzip2.txt (MIT License)
  * HOMEPAGE:
    * https://code.google.com/p/jbzip2/
 
@@ -596,22 +596,22 @@ the suffix array and the Burrows-Wheeler transformed string for any input string
 a constant-size alphabet written by Yuta Mori. It can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-libdivsufsort.txt (MIT License)
+   * ../licenses/LICENSE-libdivsufsort.txt (MIT License)
  * HOMEPAGE:
    * https://github.com/y-256/libdivsufsort
 
 Contains a modified portion of 'jfastlz', a Java port of FastLZ compression
 and decompression library written by William Kinney. It can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-jfastlz.txt (MIT License)
+   * ../licenses/LICENSE-jfastlz.txt (MIT License)
  * HOMEPAGE:
    * https://code.google.com/p/jfastlz/
 
 Contains a modified portion of and optionally depends on 'Protocol Buffers', Google's data
 interchange format, which can be obtained at:
 
  * LICENSE:
-   * licenses/LICENSE-protobuf.txt (New BSD License)
+   * ../licenses/LICENSE-protobuf.txt (New BSD License)
  * HOMEPAGE:
 * https://github.com/google/protobuf