Thanks for starting this discussion Matthias. I agree with all of you that a final 1.10.3 release could be really helpful for our users. Given that CI passes, it shouldn't be too much overhead either.
Cheers, Till On Wed, Jan 13, 2021 at 9:45 AM Xingbo Huang <hxbks...@gmail.com> wrote: > Thanks for starting this discussion, Matthias. > > +1 for releasing 1.10.3 as it contains a number of important fixes. > > Best, > Xingbo > > Xintong Song <tonysong...@gmail.com> 于2021年1月13日周三 下午3:46写道: > > > Thanks for bringing this up, Matthias. > > > > Per the "Update Policy for old releases" [1], normally we do not release > > 1.10.x after 1.12.0 is released. However, the policy also says that we > are > > "open to discussing bugfix releases for even older versions". > > > > In this case, I'm +1 for releasing 1.10.3, for the dozens of > non-released > > fixes and the security flaws. > > > > As a reminder, I'd like to bring up FLINK-20906 [2] to be backported if > we > > are releasing 1.10.3, which updates the copyright year in NOTICE files to > > 2021. > > > > Thank you~ > > > > Xintong Song > > > > > > [1] https://flink.apache.org/downloads.html > > [2] https://issues.apache.org/jira/browse/FLINK-20906 > > > > On Tue, Jan 12, 2021 at 7:15 PM Matthias Pohl <matth...@ververica.com> > > wrote: > > > > > Hi, > > > I'd like to initiate a discussion on releasing Flink 1.10.3. There > were a > > > few requests in favor of this already in [1] and [2]. > > > > > > I checked the release-1.10 branch: 55 commits are not released, yet. > > > Some non-released fixes that might be relevant are: > > > - FLINK-20218 [3] - fix "module 'urllib' has no attribute 'parse'" due > to > > > ProtoBuf version update > > > - FLINK-20013 [4] - BoundedBlockingSubpartition may leak network buffer > > > - FLINK-19252 [5] - temporary folder is not created when missing > > > - FLINK-19557 [6] - LeaderRetrievalListener notification upon ZooKeeper > > > reconnection > > > - FLINK-19523 [7] - hide sensitive information in logs > > > > > > In addition to that, we would like to include a backport for > > CVE-2020-17518 > > > and CVE-2020-17519 to cover the request in [2]. > > > > > > The travis-ci build chain for release-1.10 seems to be stable [8]. > > > Any thoughts on that? Unfortunately, I cannot volunteer as a release > > > manager due to the lack of permissions. But I wanted to start the > > > discussion, anyway. > > > > > > Best, > > > Matthias > > > > > > [1] > > > > > > > > > http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/ANNOUNCE-Weekly-Community-Update-2020-44-45-td46486.html#a47610 > > > [2] https://issues.apache.org/jira/browse/FLINK-20875 > > > [3] https://issues.apache.org/jira/browse/FLINK-20218 > > > [4] https://issues.apache.org/jira/browse/FLINK-20013 > > > [5] https://issues.apache.org/jira/browse/FLINK-19252 > > > [6] https://issues.apache.org/jira/browse/FLINK-19557 > > > [7] https://issues.apache.org/jira/browse/FLINK-19523 > > > [8] https://travis-ci.com/github/apache/flink/builds/212749910 > > > > > >