@dependabot dependabot bot commented on behalf of github Nov 24, 2025

Bumps exabgp from 4.2.25 to 5.0.1.

Release notes

Sourced from exabgp's releases.

ExaBGP 'Never trust 0.0 code' release

ExaBGP 5.0.1

This is a bug fix release addressing issues introduced in 5.0.0.

🚨 Critical Fixes

Container ImportError Fix

  • Fix: Container startup failure in 5.0.0 - The 5.0.0 Docker container (ghcr.io/exa-networks/exabgp:5.0.0) failed to start with ImportError: cannot import name 'get_root' from 'exabgp.version'
  • Added missing get_root() and get_zipapp() functions that were removed during 5.0.0 release but still required by application/version.py
  • All exabgp commands (--help, version, etc.) now work correctly

RIB Stability Fixes

  • Fix: RIB iterator crash in delete_cached_family() - Modified dictionary during iteration causing RuntimeError on configuration reload
  • Fix: RIB iterator safety in cached_changes() - Prevented iterator corruption during concurrent access
  • Fix: race condition in RIB updates() generator - Fixed missing/duplicate route updates when API flush commands arrive during peer sending

✨ Testing Improvements

  • Added comprehensive RIB stress test suite (tests/unit/test_rib_stress.py) - 18 tests covering critical bugs, race conditions, edge cases, and performance

ExaBGP "Claude" release

Major code release

This is the first stable release of ExaBGP 5.0.

This release is based on the main branch, which has been widely used in production (with some recent changes). Development in main will lead to the creation of version 6.0.0, which already includes significant work to leverage modern Python asynchronous features as well as code annotations with mypy. As these changes are more likely to introduce potential issues, we are releasing 5.0 as a stable version for production use.

This release removes support for Python 3.7 and requires Python 3.8+.

"Nothing much" happened since the latest 4.2.22 release "but":

  • 871 commits since 4.2.22
  • 920 files changed, 88,481 insertions, 29,566 deletions
  • 20+ contributors
  • All major changes are documented in the CHANGELOG

🙏 Acknowledgments

Special thanks to:

  • All contributors who submitted patches, bug reports, and feature requests
  • The BGP community for protocol clarifications
  • Early adopters who tested pre-release versions
  • Everyone who contributed to documentation and examples

... (truncated)

Changelog

Sourced from exabgp's changelog.

Version explained:

  • major : codebase increase on incompatible changes
  • minor : increase on risk of code breakage during a major release
  • bug : increase on bug or incremental changes

Version 5.0.1:

  • Fix: ImportError when running exabgp commands (--help, version, etc.) Missing get_root() and get_zipapp() functions in version.py that were removed during 5.0.0 release but still imported by application/version.py. This bug prevented the 5.0.0 container from starting.
  • Fix: Critical RIB iterator crash in delete_cached_family() (cache.py:37) Modified dictionary during iteration causing RuntimeError on configuration reload. Fixed by adding list() wrapper to snapshot keys before iteration. The list() wrapper prevents race condition when removing families from cache.
  • Fix: Critical RIB iterator safety in cached_changes() (cache.py:51) No snapshot of dictionary values during iteration could corrupt iterator state. Fixed by wrapping values() with list() to create snapshot before iteration. Prevents corruption when cache is modified during concurrent access.
  • Fix: Critical race condition in RIB updates() generator (outgoing.py:220-270) resend() could modify _refresh_changes and _refresh_families during iteration, causing missing or duplicate route updates when API flush commands arrive during peer sending. Fixed by snapshotting both lists at function start and clearing immediately before yielding. The list() wrapper creates atomic snapshot, preventing race conditions when resend() is called mid-iteration.
  • Feature: Added comprehensive RIB stress test suite (tests/unit/test_rib_stress.py) 18 tests covering critical bugs, race conditions, edge cases, and performance. Tests concurrent access patterns, empty/large RIBs, and validates that resend() during updates() doesn't interfere with current iteration.

Version 5.0.0:

  • Compatibility: The text encoding of AS-SEQUENCE in the AS-PATH has changed
  • Compatibility: The AS-PATH JSON format has changed
  • Compatibility: The BGP-LS Adjacency SID JSON format has changed
  • Compatibility: The command line format has changed whilst trying to keep backward compatibility for most usual commands
  • Feature: drop support for python2, well it is classed as feature, your opinion may vary
  • Fix: support for more than one BGP-LS Adjacency SID per link patch: tomjshine
  • reported: the RIB code so withdraw message before any announce are sent this does change the RIB behaviour sending withdrawal when it was not previously
  • Fix: parsing of SID in BGP-LS
  • Change: do not include attribute infos in updates if only sending withdrawals patch: Denis Krienbühl
  • Fix: Flowspec fragment (issue 1027)
  • Fix: left-over process (issue 1029 - can not be backported as python3 only) patch: Vincent Bernat
  • Feature: allow Ipv6 redirect patch: rzalamena
  • Fix: AddPath parsing issue (issue 1041)
  • Feature: Added show neighbor json to the CLI

... (truncated)

Commits
  • 55927f1 Release: Bump version to 5.0.1
  • cc26c32 Fix: Add missing get_root() and get_zipapp() functions to version.py
  • eec159e Docs: Add CHANGELOG for version 5.0.1
  • d6d9a27 Fix: Critical RIB race conditions and iterator bugs
  • f12892d updating version to 5.0.0
  • 078e4ef Fix configuration reload race condition with API processes (fixes #1340)
  • 9469972 Update README.md and CHANGELOG with recent work
  • a4c1464 Enable ACK for CLI control process on startup
  • 83ef8a8 Add ACK control API commands (disable-ack, enable-ack, silence-ack)
  • 5890578 Change wait_for_ack() timeout from 30s to 2s in all API examples
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [exabgp](https://github.com/exa-networks/exabgp) from 4.2.25 to 5.0.1.
- [Release notes](https://github.com/exa-networks/exabgp/releases)
- [Changelog](https://github.com/Exa-Networks/exabgp/blob/5.0.1/doc/CHANGELOG.rst)
- [Commits](Exa-Networks/exabgp@4.2.25...5.0.1)

---
updated-dependencies:
- dependency-name: exabgp
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Nov 24, 2025
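The 5.0.1 changelog entries quoted in this PR attribute the RIB crashes to mutating a dictionary while iterating it, and to `resend()` changing the pending lists while `updates()` is iterating. The sketch below is an added illustration, not code from ExaBGP or from this PR: `ToyCache`, its method names and its sample routes are hypothetical, and it shows only the two patterns the changelog names (a `list()` snapshot of the keys, and snapshot-then-clear before yielding).

```python
class ToyCache:
    """Hypothetical stand-in for a RIB cache; not ExaBGP's cache.py/outgoing.py."""

    def __init__(self):
        # Constructed sample data: address family -> {prefix: route}
        self.seen = {
            ("ipv4", "unicast"): {"192.0.2.0/24": "r1"},
            ("ipv6", "unicast"): {"2001:db8::/32": "r2"},
            ("ipv4", "flow"): {"flow-1": "r3"},
        }
        self.pending = ["r1", "r2"]

    def delete_families_unsafe(self, keep):
        for family in self.seen:            # iterates the live dict
            if family not in keep:
                del self.seen[family]       # resize -> RuntimeError on next step

    def delete_families_safe(self, keep):
        for family in list(self.seen):      # list() snapshots the keys first
            if family not in keep:
                del self.seen[family]

    def resend(self, routes):
        self.pending.extend(routes)         # e.g. triggered by an API flush

    def updates(self):
        # Snapshot and clear before the first yield, so resend() calls made
        # while the consumer is iterating queue work for the *next* pass.
        batch, self.pending = list(self.pending), []
        for route in batch:
            yield route


def demo():
    keep = {("ipv4", "unicast")}
    try:
        ToyCache().delete_families_unsafe(keep)
        crashed = False
    except RuntimeError:                    # "dictionary changed size during iteration"
        crashed = True
    cache = ToyCache()
    cache.delete_families_safe(keep)
    gen = cache.updates()
    first = next(gen)
    cache.resend(["r3"])                    # arrives mid-iteration
    this_pass = [first] + list(gen)
    next_pass = list(cache.updates())
    return crashed, sorted(cache.seen), this_pass, next_pass
```

For anyone reviewing this bump, the practical check is that a configuration reload or API flush during peer sending no longer aborts the process or drops and duplicates announcements. The upstream `tests/unit/test_rib_stress.py` suite mentioned in the release notes is the place to confirm that against the real code.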