+1 (non-binding) - ran through the release helper - ran some simple flows with a couple of the new features/bug fixes to verify
However, I note that there's a Dependabot notice in the GitHub repo currently for log4j dependencies nested within the Elasticsearch NARs - it may not be a problem, but thought worth pointing out. --- *Chris Sampson* IT Consultant [email protected] On Wed, 15 Dec 2021 at 09:57, Pierre Villard <[email protected]> wrote: > +1 (binding) > > Went through the usual steps. > Thanks for taking care of this so quickly! > > Pierre > > Le mer. 15 déc. 2021 à 10:55, Kotaro Terada <[email protected]> a écrit : > > > +1 (non-binding) > > > > - Verified signatures and hashes. > > - Built from source with OpenJDK 8 and OpenJDK 11. > > - Ran and tested a couple of flows. > > - Checked the dependency does not include log4j less than 2.16.0. > > > > Thank you for managing the release, Joe! > > > > Thanks, > > Kotaro > > > > > > On Wed, Dec 15, 2021 at 12:35 PM Joe Witt <[email protected]> wrote: > > > > > Hello, > > > > > > I am pleased to be calling this vote for the source release of Apache > > > NiFi 1.15.1. > > > > > > This vote, unlike most, is purely stability and security focused. > > > This vote is rooted > > > in a prompt response to the 'log4shell' vulnerability and related > > > logging announcements. > > > It also includes other easy to incorporate bugs and improvements. It > > > should be easy to > > > upgrade from any 1.15 install to this and just as easy as it was to go > > > from pre 1.15 to > > > this 1.15.1. > > > > > > The source zip, including signatures, digests, etc. can be found at: > > > https://repository.apache.org/content/repositories/orgapachenifi-1192 > > > > > > The source being voted upon and the convenience binaries can be found > at: > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/ > > > > > > A helpful reminder on how the release candidate verification process > > works: > > > > > > > > > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate > > > > > > The Git tag is nifi-1.15.1-RC1 > > > The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02 > > > > > > > > > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02 > > > > > > Checksums of nifi-1.15.1-source-release.zip: > > > SHA256: > 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52 > > > SHA512: > > > > > > 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039 > > > > > > Release artifacts are signed with the following key: > > > https://people.apache.org/keys/committer/joewitt.asc > > > > > > KEYS file available here: > > > https://dist.apache.org/repos/dist/release/nifi/KEYS > > > > > > 45 issues were closed/resolved for this release: > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055 > > > > > > Release note highlights can be found here: > > > > > > > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1 > > > > > > Given the nature of the vote being about a prompt release to remove > > > vulnerable > > > logging related libraries the vote will be open for 24 hours (instead > > > of the normal 72 hours). > > > > > > Please download the release candidate and evaluate the necessary items > > > including checking hashes, signatures, build from source, and test. > > > Then please vote: > > > > > > [ ] +1 Release this package as nifi-1.15.1 > > > [ ] +0 no opinion > > > [ ] -1 Do not release this package because... > > > > > >
