+1 (non-binding) * downloaded the artifacts * compiled from source * verified checksums * verified versions included in the release
There has been a new version swagger-core 2.2.3 released [1] (in contrast to 2.2.2 which we use in the 16.0 release). The only relevant thing I noticed was the upgrade of snake-yaml to 1.31 and 1.32. We're using 1.31 in flink-shaded already, anyway, as far as I can see. The upgrade for 1.32 doesn't seem to have relevant vulnerability fixes included according to the snake-yaml release notes [2]. So, I don't see a necessity to include it in this release. [1] https://github.com/swagger-api/swagger-core/releases/tag/v2.2.3 [2] https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes On Tue, Sep 27, 2022 at 1:33 PM Chesnay Schepler <ches...@apache.org> wrote: > Hi everyone, > Please review and vote on the release candidate #1 for the version 16.0, > as follows: > [ ] +1, Approve the release > [ ] -1, Do not approve the release (please provide specific comments) > > > The complete staging area is available for your review, which includes: > * JIRA release notes [1], > * the official Apache source release to be deployed to dist.apache.org > [2], which are signed with the key with fingerprint C2EED7B111D464BA [3], > * all artifacts to be deployed to the Maven Central Repository [4], > * source code tag "release-16.0-rc1" [5], > * website pull request listing the new release [6]. > > The vote will be open for at least 72 hours. It is adopted by majority > approval, with at least 3 PMC affirmative votes. > > Thanks, > Release Manager > > [1] https://issues.apache.org/jira/projects/FLINK/versions/12352331 > [2] https://dist.apache.org/repos/dist/dev/flink/flink-shaded-16.0-rc1/ > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > [4] > https://repository.apache.org/content/repositories/orgapacheflink-1535/ > [5] https://github.com/apache/flink-shaded/releases/tag/release-16.0-rc1 > [6] https://github.com/apache/flink-web/pull/572 > >
