Thanks for starting this discussion Matthias. I agree with all of you that
a final 1.10.3 release could be really helpful for our users. Given that CI
passes, it shouldn't be too much overhead either.

Cheers,
Till

On Wed, Jan 13, 2021 at 9:45 AM Xingbo Huang <hxbks...@gmail.com> wrote:

> Thanks for starting this discussion, Matthias.
>
> +1 for releasing 1.10.3 as it contains a number of important fixes.
>
> Best,
> Xingbo
>
> Xintong Song <tonysong...@gmail.com> 于2021年1月13日周三 下午3:46写道:
>
> > Thanks for bringing this up, Matthias.
> >
> > Per the "Update Policy for old releases" [1], normally we do not release
> > 1.10.x after 1.12.0 is released. However, the policy also says that we
> are
> > "open to discussing bugfix releases for even older versions".
> >
> > In this case, I'm +1 for releasing 1.10.3, for the dozens of
> non-released
> > fixes and the security flaws.
> >
> > As a reminder, I'd like to bring up FLINK-20906 [2] to be backported if
> we
> > are releasing 1.10.3, which updates the copyright year in NOTICE files to
> > 2021.
> >
> > Thank you~
> >
> > Xintong Song
> >
> >
> > [1] https://flink.apache.org/downloads.html
> > [2] https://issues.apache.org/jira/browse/FLINK-20906
> >
> > On Tue, Jan 12, 2021 at 7:15 PM Matthias Pohl <matth...@ververica.com>
> > wrote:
> >
> > > Hi,
> > > I'd like to initiate a discussion on releasing Flink 1.10.3. There
> were a
> > > few requests in favor of this already in [1] and [2].
> > >
> > > I checked the release-1.10 branch: 55 commits are not released, yet.
> > > Some non-released fixes that might be relevant are:
> > > - FLINK-20218 [3] - fix "module 'urllib' has no attribute 'parse'" due
> to
> > > ProtoBuf version update
> > > - FLINK-20013 [4] - BoundedBlockingSubpartition may leak network buffer
> > > - FLINK-19252 [5] - temporary folder is not created when missing
> > > - FLINK-19557 [6] - LeaderRetrievalListener notification upon ZooKeeper
> > > reconnection
> > > - FLINK-19523 [7] - hide sensitive information in logs
> > >
> > > In addition to that, we would like to include a backport for
> > CVE-2020-17518
> > > and CVE-2020-17519 to cover the request in [2].
> > >
> > > The travis-ci build chain for release-1.10 seems to be stable [8].
> > > Any thoughts on that? Unfortunately, I cannot volunteer as a release
> > > manager due to the lack of permissions. But I wanted to start the
> > > discussion, anyway.
> > >
> > > Best,
> > > Matthias
> > >
> > > [1]
> > >
> > >
> >
> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/ANNOUNCE-Weekly-Community-Update-2020-44-45-td46486.html#a47610
> > > [2] https://issues.apache.org/jira/browse/FLINK-20875
> > > [3] https://issues.apache.org/jira/browse/FLINK-20218
> > > [4] https://issues.apache.org/jira/browse/FLINK-20013
> > > [5] https://issues.apache.org/jira/browse/FLINK-19252
> > > [6] https://issues.apache.org/jira/browse/FLINK-19557
> > > [7] https://issues.apache.org/jira/browse/FLINK-19523
> > > [8] https://travis-ci.com/github/apache/flink/builds/212749910
> > >
> >
>

Reply via email to