+1 (binding) - verified hashes and signatures - checked that diff of all RCs contain only the log4j version upgrade
On Tue, Dec 14, 2021 at 4:06 AM Yun Gao <yungao...@aliyun.com.invalid> wrote: > +1 (non-binding) > > * Reviewed the blog post. > * Verified each version could run normally with example jobs. > * Checked each version only contains the log4j2 fix. > > Thanks Chesnay for driving the emergency fix releases! > > Best, > Yun > > > ------------------------------------------------------------------ > From:Yun Tang <myas...@live.com> > Send Time:2021 Dec. 14 (Tue.) 18:25 > To:dev@flink.apache.org <dev@flink.apache.org>; Till Rohrmann < > trohrm...@apache.org> > Subject:Re: [VOTE] Release 1.11.5/1.12.6/1.13.4/1.14.1, release candidate > #1 > > + 1 (non-binding) for releasing flink-1.13.4 and flink-1.14.1 currently > > > * reviewed blog post > * checked that the hot fix verion only contains the log4j2 version bump > > Best > Yun Tang > ________________________________ > From: Chesnay Schepler <ches...@apache.org> > Sent: Tuesday, December 14, 2021 17:12 > To: dev@flink.apache.org <dev@flink.apache.org>; Till Rohrmann < > trohrm...@apache.org> > Subject: Re: [VOTE] Release 1.11.5/1.12.6/1.13.4/1.14.1, release candidate > #1 > > I think that should be possible. > > On 14/12/2021 10:06, Till Rohrmann wrote: > > +1 (binding) > > > > - reviewed blog post > > - verified shasum and signatures > > - checked that diff only contains the log4j version bump > > > > Can we simply add the missing Python binaries for MacOS after the release > > of the other artifacts? > > > > Cheers, > > Till > > > > On Tue, Dec 14, 2021 at 4:56 AM Yun Tang <myas...@live.com> wrote: > > > >> Hi Chesnay, > >> > >> Thanks a lot for driving these emergency patch releases! > >> > >> I just noticed that current flink-1.11.4 offers python files on mac os > >> [1]. Is it okay to release Flink-1.11.5 and flink-1.12.6 without those > >> python binaries on mac os? > >> > >> > >> [1] https://pypi.org/project/apache-flink/1.11.4/#files > >> > >> Best > >> Yun Tang > >> ________________________________ > >> From: Zhu Zhu <reed...@gmail.com> > >> Sent: Tuesday, December 14, 2021 11:00 > >> To: dev <dev@flink.apache.org> > >> Subject: Re: [VOTE] Release 1.11.5/1.12.6/1.13.4/1.14.1, release > candidate > >> #1 > >> > >> +1 (binding) > >> > >> - verified the differences of source releases to the corresponding > latest > >> releases, there are only dependency updates and release version update > >> commits > >> - verified versions of log4j dependencies in the all binary releases are > >> 2.15.0 > >> - ran example jobs against all the binary releases, logs look good > >> - release notes and blogpost look good > >> > >> Thanks, > >> Zhu > >> > >> Xintong Song <tonysong...@gmail.com> 于2021年12月14日周二 10:23写道: > >> > >>> +1 (binding) > >>> > >>> - verified checksum and signature > >>> - verified that release candidates only contain the log4j dependency > >>> changes compared to previous releases. > >>> - release notes and blogpost LGTM > >>> > >>> Thanks a lot for driving these emergency patch releases, Chesnay! > >>> > >>> Thank you~ > >>> > >>> Xintong Song > >>> > >>> > >>> > >>> On Tue, Dec 14, 2021 at 7:45 AM Chesnay Schepler <ches...@apache.org> > >>> wrote: > >>> > >>>> I forgot to mention something important: > >>>> > >>>> The 1.11/1.12 releases do *NOT* contain flink-python releases for > *mac* > >>>> due to compile problems. > >>>> > >>>> On 13/12/2021 20:28, Chesnay Schepler wrote: > >>>>> Hi everyone, > >>>>> > >>>>> This vote is for the emergency patch releases for 1.11, 1.12, 1.13 > >> and > >>>>> 1.14 to address CVE-2021-44228. > >>>>> It covers all 4 releases as they contain the same changes (upgrading > >>>>> Log4j to 2.15.0) and were prepared simultaneously by the same person. > >>>>> (Hence, if something is broken, it likely applies to all releases) > >>>>> > >>>>> Please review and vote on the release candidate #1 for the versions > >>>>> 1.11.5, 1.12.6, 1.13.4 and 1.14.1, as follows: > >>>>> [ ] +1, Approve the releases > >>>>> [ ] -1, Do not approve the releases (please provide specific > >> comments) > >>>>> The complete staging area is available for your review, which > >> includes: > >>>>> * JIRA release notes [1], > >>>>> * the official Apache source releases and binary convenience releases > >>>>> to be deployed to dist.apache.org [2], which are signed with the key > >>>>> with fingerprint C2EED7B111D464BA [3], > >>>>> * all artifacts to be deployed to the Maven Central Repository [4], > >>>>> * *the jars for 1.13/1.14 are still being built* > >>>>> * source code tags [5], > >>>>> * website pull request listing the new releases and adding > >>>>> announcement blog post [6]. > >>>>> > >>>>> The vote will be open for at least 24 hours. The minimum vote time > >> has > >>>>> been shortened as the changes are minimal and the matter is urgent. > >>>>> It is adopted by majority approval, with at least 3 PMC affirmative > >>>>> votes. > >>>>> > >>>>> Thanks, > >>>>> Chesnay > >>>>> > >>>>> [1] > >>>>> 1.11: > >>>>> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350327 > >>>>> 1.12: > >>>>> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350328 > >>>>> 1.13: > >>>>> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350686 > >>>>> 1.14: > >>>>> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12350512 > >>>>> [2] > >>>>> 1.11: https://dist.apache.org/repos/dist/dev/flink/flink-1.11.5-rc1/ > >>>>> 1.12: https://dist.apache.org/repos/dist/dev/flink/flink-1.12.6-rc1/ > >>>>> 1.13: https://dist.apache.org/repos/dist/dev/flink/flink-1.13.4-rc1/ > >>>>> 1.14: https://dist.apache.org/repos/dist/dev/flink/flink-1.14.1-rc1/ > >>>>> [3] https://dist.apache.org/repos/dist/release/flink/KEYS > >>>>> [4] > >>>>> 1.11/1.12: > >>>>> > >> https://repository.apache.org/content/repositories/orgapacheflink-1455 > >>>>> 1.13: > >>>>> > >> https://repository.apache.org/content/repositories/orgapacheflink-1457 > >>>>> 1.14: > >>>>> > >> https://repository.apache.org/content/repositories/orgapacheflink-1456 > >>>>> [5] > >>>>> 1.11: > >> https://github.com/apache/flink/releases/tag/release-1.11.5-rc1 > >>>>> 1.12: > >> https://github.com/apache/flink/releases/tag/release-1.12.6-rc1 > >>>>> 1.13: > >> https://github.com/apache/flink/releases/tag/release-1.13.4-rc1 > >>>>> 1.14: > >> https://github.com/apache/flink/releases/tag/release-1.14.1-rc1 > >>>>> [6] https://github.com/apache/flink-web/pull/489 > >>>>> > > >
