Hi, May I have a double confirmation that it seems we still have log4j version written as 2.15.0 in dev/project-configuration.md in the commit corresponding to release tags, which seems to be not consistent with the PR in the github, is it expected and would it have influence?
Best, Yun ------------------Original Mail ------------------ Sender:Stephan Ewen <ewenstep...@gmail.com> Send Date:Thu Dec 16 08:34:10 2021 Recipients:dev <dev@flink.apache.org> Subject:Re: [VOTE] Release 1.11.6/1.12.7/1.13.5/1.14.2, release candidate #1 +1 (binding) - Verified commit history, looks good => stumbled over the changes in the "create_release_branch.sh ", which are present in each release commit. [1] => agree that these are not an issue, because this is an out-of-band release - Release notes for 1.14.2 are off, contain incorrect entry "FLINK-25222: Remove NetworkFailureProxy used for Kafka connector tests" - Checked that released binaries and jars reference correct Scala versions - Ran streaming examples against binary releases for 1.12.7, 1.13.5, 1.14.2. Execution logs look correct. - Other checks (licenses, no binaries) carry over from previous releases [1] https://github.com/apache/flink/commit/6fd4b1c0ef2ddd12751889218445ce0e60ff6c80#diff-94c70ce1a0abddcd83314c83b46080d8edbcd919b737f316cd6f72006d464074 On Wed, Dec 15, 2021 at 5:54 PM Seth Wiesman wrote: > +1 (non-binding) > > - Checked diff of all versions and verified dep upgrade > - Verified checksum and signatures > - Built 1.14 from source > - checked blog post > > Seth > > On Wed, Dec 15, 2021 at 10:22 AM Yu Li wrote: > > > +1 > > > > * Verified checksums and signatures > > * Reviewed website PR > > - Minor: left a comment to mention CVE-2021-45046 > > * Checked and confirmed new tags only contain log4j version bump > > * Checked release notes and found no issues > > - I've moved FLINK-25317 to 1.14.3 > > > > Thanks for driving these releases Chesnay! > > > > Best Regards, > > Yu > > > > > > On Wed, 15 Dec 2021 at 21:29, Chesnay Schepler > wrote: > > > > > FYI; the publication of the python release for 1.11/1.12 will be > delayed > > > because we hit the project size limit on pypi again, and increasing > that > > > limit may take a while. > > > On the positive side, this gives us more time to fix the mac builds. > > > > > > On 15/12/2021 03:55, Chesnay Schepler wrote: > > > > Hi everyone, > > > > > > > > This vote is for the emergency patch releases for 1.11, 1.12, 1.13 > and > > > > 1.14 to address CVE-2021-44228/CVE-2021-45046. > > > > It covers all 4 releases as they contain the same changes (upgrading > > > > Log4j to 2.16.0) and were prepared simultaneously by the same person. > > > > (Hence, if something is broken, it likely applies to all releases) > > > > > > > > Note: 1.11/1.12 are still missing the Python Mac releases. > > > > > > > > > > > > Please review and vote on the release candidate #1 for the versions > > > > 1.11.6, 1.12.7, 1.13.5 and 1.14.2, as follows: > > > > [ ] +1, Approve the releases > > > > [ ] -1, Do not approve the releases (please provide specific > comments) > > > > > > > > The complete staging area is available for your review, which > includes: > > > > * JIRA release notes [1], > > > > * the official Apache source releases and binary convenience releases > > > > to be deployed to dist.apache.org [2], which are signed with the key > > > > with fingerprint C2EED7B111D464BA [3], > > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > > * source code tags [5], > > > > * website pull request listing the new releases and adding > > > > announcement blog post [6]. > > > > > > > > The vote will be open for at least 24 hours. The minimum vote time > has > > > > been shortened as the changes are minimal and the matter is urgent. > > > > It is adopted by majority approval, with at least 3 PMC affirmative > > > > votes. > > > > > > > > Thanks, > > > > Chesnay > > > > > > > > [1] > > > > 1.11: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12351056 > > > > 1.12: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12351057 > > > > 1.13: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12351058 > > > > 1.14: > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12351059 > > > > [2] > > > > 1.11: https://dist.apache.org/repos/dist/dev/flink/flink-1.11.6-rc1/ > > > > 1.12: https://dist.apache.org/repos/dist/dev/flink/flink-1.12.7-rc1/ > > > > 1.13: https://dist.apache.org/repos/dist/dev/flink/flink-1.13.5-rc1/ > > > > 1.14: https://dist.apache.org/repos/dist/dev/flink/flink-1.14.2-rc1/ > > > > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > > > > [4] > > > > 1.11: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1460 > > > > 1.12: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1462 > > > > 1.13: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1459 > > > > 1.14: > > > > > https://repository.apache.org/content/repositories/orgapacheflink-1461 > > > > [5] > > > > 1.11: > https://github.com/apache/flink/releases/tag/release-1.11.6-rc1 > > > > 1.12: > https://github.com/apache/flink/releases/tag/release-1.12.7-rc1 > > > > 1.13: > https://github.com/apache/flink/releases/tag/release-1.13.5-rc1 > > > > 1.14: > https://github.com/apache/flink/releases/tag/release-1.14.2-rc1 > > > > [6] https://github.com/apache/flink-web/pull/489 > > > > > > > > > > > > > > > > >
