Skip to content

RC Release v2.13.2#2206

Closed
Pratyush Ranjan (PratRanj07) wants to merge 1 commit intomasterfrom
dev_v2.13.2-RC1
Closed

RC Release v2.13.2#2206
Pratyush Ranjan (PratRanj07) wants to merge 1 commit intomasterfrom
dev_v2.13.2-RC1

Conversation

@PratRanj07
Copy link
Copy Markdown
Contributor

@PratRanj07 Pratyush Ranjan (PratRanj07) commented Feb 27, 2026

No description provided.

Copilot AI review requested due to automatic review settings February 27, 2026 13:04
@confluent-cla-assistant
Copy link
Copy Markdown

confluent-cla-assistant bot commented Feb 27, 2026

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

Copilot AI reviewed Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prepares the codebase for the v2.13.2 release candidate (RC1) by updating version references in the Docker build configuration and CHANGELOG. The release appears to be a maintenance release that includes various bug fixes and enhancements as documented in the CHANGELOG.

Changes:

  • Updated librdkafka version from v2.13.0 to v2.13.2-RC1 in the Alpine Dockerfile
  • Updated CHANGELOG header from v2.13.1 to v2.13.2

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
examples/docker/Dockerfile.alpine Updates the LIBRDKAFKA_VERSION environment variable to v2.13.2-RC1 to align with the new release candidate
CHANGELOG.md Updates the version section header to v2.13.2

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread CHANGELOG.md
## v2.13.1
## v2.13.2

v2.13.1 is a maintenance release with the following fixes and enhancements:
Copy link

Copilot AI Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version number in the description text should be updated to match the section header. The section is titled "v2.13.2" but the description still references "v2.13.1". This creates an inconsistency in the changelog.

Copilot uses AI. Check for mistakes.
Comment thread examples/docker/Dockerfile.alpine
COPY . /usr/src/confluent-kafka-python

ENV LIBRDKAFKA_VERSION="v2.13.0"
ENV LIBRDKAFKA_VERSION="v2.13.2-RC1"
Copy link

Copilot AI Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LIBRDKAFKA_VERSION is used to download and build librdkafka from GitHub via a curl ... | tar ... && ./configure && make install chain, but it is pinned only to a mutable tag and the download has no checksum or signature verification. If the upstream repository or release tag is compromised, attackers can inject arbitrary code into the Docker build and any containers built from this image. To reduce this supply chain risk, pin to an immutable commit SHA (or vendored source) and verify release hashes or signatures before building.

Copilot uses AI. Check for mistakes.
@sonarqube-confluent
Copy link
Copy Markdown

sonarqube-confluent bot commented Feb 27, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@MSeal Matthew Seal (MSeal) Awaiting requested review from MSeal MSeal is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PratRanj07