Hey, It is very exciting to see the first RC for an externalized connector! Thanks for all the effort setting up the release scripts and processes Chesnay.
Just to confirm before I start verifying this, will there be an RC2 to bump the Jackson version? Danny, On Wed, Nov 2, 2022 at 6:22 PM Chesnay Schepler <ches...@apache.org> wrote: > Yeah we should bump that to be closer to the connector version released > with 1.16.0. > > On 02/11/2022 15:53, Sergey Nuyanzin wrote: > > still checking > > however there is at least one finding I would like to highlight > > currently elasticsearch connector depends on jackson-bom 2.13.2.20220328 > > which has 2 CVEs CVE-2022-42003[1] CVE-2022-42004[2] fixed in > > 2.13.4.20221013 [3] > > Does it make sense to include it in this version? > > > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003 > > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004 > > [3] > > > https://github.com/FasterXML/jackson-databind/issues/3590#issue-1362567066 > > > > On Wed, Nov 2, 2022 at 12:01 PM Chesnay Schepler <ches...@apache.org> > wrote: > > > >> Hi everyone, > >> Please review and vote on the release candidate #1 for the version > >> 3.0.0, as follows: > >> [ ] +1, Approve the release > >> [ ] -1, Do not approve the release (please provide specific comments) > >> > >> The complete staging area is available for your review, which includes: > >> * JIRA release notes [1], > >> * the official Apache source release to be deployed to dist.apache.org > >> [2], which are signed with the key with fingerprint C2EED7B111D464BA > [3], > >> * all artifacts to be deployed to the Maven Central Repository [4], > >> * source code tag [5], > >> * website pull request listing the new release [6]. > >> > >> The vote will be open for at least 72 hours. It is adopted by majority > >> approval, with at least 3 PMC affirmative votes. > >> > >> Note: This is the first release of an externalized connector, relying on > >> a new set of scripts. Double-check _everything_. > >> > >> Thanks, > >> Release Manager > >> > >> [1] https://issues.apache.org/jira/projects/FLINK/versions/12352291 > >> [2] > >> > >> > https://dist.apache.org/repos/dist/dev/flink/flink-connector-elasticsearch-3.0.0-rc1/ > >> [3] https://dist.apache.org/repos/dist/release/flink/KEYS > >> [4] > >> https://repository.apache.org/content/repositories/orgapacheflink-1543/ > >> [5] > >> > >> > https://github.com/apache/flink-connector-elasticsearch/releases/tag/v3.0.0-rc1 > >> [6] https://github.com/apache/flink-web/pull/579 > >> > >> > >
