+1 (binding) - reviewed blog post - verified shasum and signatures - checked that diff only contains the log4j version bump
Can we simply add the missing Python binaries for MacOS after the release of the other artifacts? Cheers, Till On Tue, Dec 14, 2021 at 4:56 AM Yun Tang <myas...@live.com> wrote: > Hi Chesnay, > > Thanks a lot for driving these emergency patch releases! > > I just noticed that current flink-1.11.4 offers python files on mac os > [1]. Is it okay to release Flink-1.11.5 and flink-1.12.6 without those > python binaries on mac os? > > > [1] https://pypi.org/project/apache-flink/1.11.4/#files > > Best > Yun Tang > ________________________________ > From: Zhu Zhu <reed...@gmail.com> > Sent: Tuesday, December 14, 2021 11:00 > To: dev <dev@flink.apache.org> > Subject: Re: [VOTE] Release 1.11.5/1.12.6/1.13.4/1.14.1, release candidate > #1 > > +1 (binding) > > - verified the differences of source releases to the corresponding latest > releases, there are only dependency updates and release version update > commits > - verified versions of log4j dependencies in the all binary releases are > 2.15.0 > - ran example jobs against all the binary releases, logs look good > - release notes and blogpost look good > > Thanks, > Zhu > > Xintong Song <tonysong...@gmail.com> 于2021年12月14日周二 10:23写道: > > > +1 (binding) > > > > - verified checksum and signature > > - verified that release candidates only contain the log4j dependency > > changes compared to previous releases. > > - release notes and blogpost LGTM > > > > Thanks a lot for driving these emergency patch releases, Chesnay! > > > > Thank you~ > > > > Xintong Song > > > > > > > > On Tue, Dec 14, 2021 at 7:45 AM Chesnay Schepler <ches...@apache.org> > > wrote: > > > > > I forgot to mention something important: > > > > > > The 1.11/1.12 releases do *NOT* contain flink-python releases for *mac* > > > due to compile problems. > > > > > > On 13/12/2021 20:28, Chesnay Schepler wrote: > > > > Hi everyone, > > > > > > > > This vote is for the emergency patch releases for 1.11, 1.12, 1.13 > and > > > > 1.14 to address CVE-2021-44228. > > > > It covers all 4 releases as they contain the same changes (upgrading > > > > Log4j to 2.15.0) and were prepared simultaneously by the same person. > > > > (Hence, if something is broken, it likely applies to all releases) > > > > > > > > Please review and vote on the release candidate #1 for the versions > > > > 1.11.5, 1.12.6, 1.13.4 and 1.14.1, as follows: > > > > [ ] +1, Approve the releases > > > > [ ] -1, Do not approve the releases (please provide specific > comments) > > > > > > > > The complete staging area is available for your review, which > includes: > > > > * JIRA release notes [1], > > > > * the official Apache source releases and binary convenience releases > > > > to be deployed to dist.apache.org [2], which are signed with the key > > > > with fingerprint C2EED7B111D464BA [3], > > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > > * *the jars for 1.13/1.14 are still being built* > > > > * source code tags [5], > > > > * website pull request listing the new releases and adding > > > > announcement blog post [6]. > > > > > > > > The vote will be open for at least 24 hours. The minimum vote time > has > > > > been shortened as the changes are minimal and the matter is urgent. > > > > It is adopted by majority approval, with at least 3 PMC affirmative > > > > votes. > > > > > > > > Thanks, > > > > Chesnay > > > > > > > > [1] > > > > 1.11: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350327 > > > > 1.12: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350328 > > > > 1.13: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350686 > > > > 1.14: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350512 > > > > [2] > > > > 1.11: https://dist.apache.org/repos/dist/dev/flink/flink-1.11.5-rc1/ > > > > 1.12: https://dist.apache.org/repos/dist/dev/flink/flink-1.12.6-rc1/ > > > > 1.13: https://dist.apache.org/repos/dist/dev/flink/flink-1.13.4-rc1/ > > > > 1.14: https://dist.apache.org/repos/dist/dev/flink/flink-1.14.1-rc1/ > > > > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > > > > [4] > > > > 1.11/1.12: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1455 > > > > 1.13: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1457 > > > > 1.14: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1456 > > > > [5] > > > > 1.11: > https://github.com/apache/flink/releases/tag/release-1.11.5-rc1 > > > > 1.12: > https://github.com/apache/flink/releases/tag/release-1.12.6-rc1 > > > > 1.13: > https://github.com/apache/flink/releases/tag/release-1.13.4-rc1 > > > > 1.14: > https://github.com/apache/flink/releases/tag/release-1.14.1-rc1 > > > > [6] https://github.com/apache/flink-web/pull/489 > > > > > > > > > >
