+1 (binding) Was able to verify hash & signature. Completed full build w/ all unit tests Ran system tests with all completing successfully
Started a standalone instance with OOTB config and verified all was ok Started a secure cluster and ran some dummy flows to ensure that data was processing as expected. Encountered no issues. Built a dataflow that unpacks the entire archive and recursively unpacks all nars, jars, tars, gzip, zip, etc. and looks for any JndiLookup.class files. This way, even if a log4j dependency were shaded, it would still be flagged. Was able to find that older builds have several NARs packaged that had a JndiLookup.class but can confirm that this build contains no instances of it. Thanks for turning around the RC and the vote and performing the RM duties so quickly Joe! -Mark > On Dec 15, 2021, at 2:02 PM, Joe Gresock <[email protected]> wrote: > > +1 (non-binding) -- ran through the release guide and ran a basic flow with > no problems > > On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <[email protected]> wrote: > >> Hello, >> >> I am pleased to be calling this vote for the source release of Apache >> NiFi 1.15.1. >> >> This vote, unlike most, is purely stability and security focused. >> This vote is rooted >> in a prompt response to the 'log4shell' vulnerability and related >> logging announcements. >> It also includes other easy to incorporate bugs and improvements. It >> should be easy to >> upgrade from any 1.15 install to this and just as easy as it was to go >> from pre 1.15 to >> this 1.15.1. >> >> The source zip, including signatures, digests, etc. can be found at: >> https://repository.apache.org/content/repositories/orgapachenifi-1192 >> >> The source being voted upon and the convenience binaries can be found at: >> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/ >> >> A helpful reminder on how the release candidate verification process works: >> >> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate >> >> The Git tag is nifi-1.15.1-RC1 >> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02 >> >> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02 >> >> Checksums of nifi-1.15.1-source-release.zip: >> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52 >> SHA512: >> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039 >> >> Release artifacts are signed with the following key: >> https://people.apache.org/keys/committer/joewitt.asc >> >> KEYS file available here: >> https://dist.apache.org/repos/dist/release/nifi/KEYS >> >> 45 issues were closed/resolved for this release: >> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055 >> >> Release note highlights can be found here: >> >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1 >> >> Given the nature of the vote being about a prompt release to remove >> vulnerable >> logging related libraries the vote will be open for 24 hours (instead >> of the normal 72 hours). >> >> Please download the release candidate and evaluate the necessary items >> including checking hashes, signatures, build from source, and test. >> Then please vote: >> >> [ ] +1 Release this package as nifi-1.15.1 >> [ ] +0 no opinion >> [ ] -1 Do not release this package because... >>
