You're right, Yu. Thanks for pointing that out.
And thanks for volunteering, Xintong.

On Thu, Jan 14, 2021 at 3:31 AM Xintong Song <tonysong...@gmail.com> wrote:

> Maybe I can help drive this release, if there's no one else volunteering.
> I've been managing the 1.11.3 and 1.12.1 releases. The bugfix release
> process is still warm in my mind. :)
>
> Thank you~
>
> Xintong Song
>
>
>
> On Wed, Jan 13, 2021 at 8:09 PM Yu Li <car...@gmail.com> wrote:
>
>> +1 for having a bugfix release for the 1.10 branch to fix the security
>> issue.
>>
>> Thanks for driving the discussion Matthias!
>>
>> Minor: CVE-2020-17519 is introduced by 1.11.0 [1] so we don't need to fix
>> it in 1.10.3, but CVE-2020-17518 [2] is needed.
>>
>> Best Regards,
>> Yu
>>
>> [1] https://s.apache.org/CVE-2020-17519
>> [2] https://s.apache.org/CVE-2020-17518
>>
>>
>> On Wed, 13 Jan 2021 at 16:57, Till Rohrmann <trohrm...@apache.org> wrote:
>>
>> > Thanks for starting this discussion Matthias. I agree with all of you that
>> > a final 1.10.3 release could be really helpful for our users. Given that CI
>> > passes, it shouldn't be too much overhead either.
>> >
>> > Cheers,
>> > Till
>> >
>> > On Wed, Jan 13, 2021 at 9:45 AM Xingbo Huang <hxbks...@gmail.com> wrote:
>> >
>> > > Thanks for starting this discussion, Matthias.
>> > >
>> > > +1 for releasing 1.10.3 as it contains a number of important fixes.
>> > >
>> > > Best,
>> > > Xingbo
>> > >
>> > > On Wed, Jan 13, 2021 at 3:46 PM Xintong Song <tonysong...@gmail.com> wrote:
>> > >
>> > > > Thanks for bringing this up, Matthias.
>> > > >
>> > > > Per the "Update Policy for old releases" [1], normally we do not release
>> > > > 1.10.x after 1.12.0 is released. However, the policy also says that we are
>> > > > "open to discussing bugfix releases for even older versions".
>> > > >
>> > > > In this case, I'm +1 for releasing 1.10.3, for the dozens of non-released
>> > > > fixes and the security flaws.
>> > > >
>> > > > As a reminder, I'd like to bring up FLINK-20906 [2] to be backported if we
>> > > > are releasing 1.10.3, which updates the copyright year in NOTICE files to
>> > > > 2021.
>> > > >
>> > > > Thank you~
>> > > >
>> > > > Xintong Song
>> > > >
>> > > >
>> > > > [1] https://flink.apache.org/downloads.html
>> > > > [2] https://issues.apache.org/jira/browse/FLINK-20906
>> > > >
>> > > > On Tue, Jan 12, 2021 at 7:15 PM Matthias Pohl <matth...@ververica.com> wrote:
>> > > >
>> > > > > Hi,
>> > > > > I'd like to initiate a discussion on releasing Flink 1.10.3. There were a
>> > > > > few requests in favor of this already in [1] and [2].
>> > > > >
>> > > > > I checked the release-1.10 branch: 55 commits are not released, yet.
>> > > > > Some non-released fixes that might be relevant are:
>> > > > > - FLINK-20218 [3] - fix "module 'urllib' has no attribute 'parse'" due to ProtoBuf version update
>> > > > > - FLINK-20013 [4] - BoundedBlockingSubpartition may leak network buffer
>> > > > > - FLINK-19252 [5] - temporary folder is not created when missing
>> > > > > - FLINK-19557 [6] - LeaderRetrievalListener notification upon ZooKeeper reconnection
>> > > > > - FLINK-19523 [7] - hide sensitive information in logs
>> > > > >
>> > > > > In addition to that, we would like to include a backport for CVE-2020-17518
>> > > > > and CVE-2020-17519 to cover the request in [2].
>> > > > >
>> > > > > The travis-ci build chain for release-1.10 seems to be stable [8].
>> > > > > Any thoughts on that? Unfortunately, I cannot volunteer as a release
>> > > > > manager due to the lack of permissions. But I wanted to start the
>> > > > > discussion, anyway.
>> > > > >
>> > > > > Best,
>> > > > > Matthias
>> > > > >
>> > > > > [1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/ANNOUNCE-Weekly-Community-Update-2020-44-45-td46486.html#a47610
>> > > > > [2] https://issues.apache.org/jira/browse/FLINK-20875
>> > > > > [3] https://issues.apache.org/jira/browse/FLINK-20218
>> > > > > [4] https://issues.apache.org/jira/browse/FLINK-20013
>> > > > > [5] https://issues.apache.org/jira/browse/FLINK-19252
>> > > > > [6] https://issues.apache.org/jira/browse/FLINK-19557
>> > > > > [7] https://issues.apache.org/jira/browse/FLINK-19523
>> > > > > [8] https://travis-ci.com/github/apache/flink/builds/212749910
>> > > > >
>> > > >
>> > >
>> >
>
>
