[CANCELED][VOTE] Release Apache Flink Elasticsearch connector 3.0.0, rc1

Thu, 03 Nov 2022 00:56:04 -0700 

This RC is canceled.

On 02/11/2022 20:20, Danny Cranmer wrote:

Hey,

It is very exciting to see the first RC for an externalized connector!
Thanks for all the effort setting up the release scripts and processes
Chesnay.

Just to confirm before I start verifying this, will there be an RC2 to bump
the Jackson version?

Danny,

On Wed, Nov 2, 2022 at 6:22 PM Chesnay Schepler <ches...@apache.org> wrote:


Yeah we should bump that to be closer to the connector version released
with 1.16.0.

On 02/11/2022 15:53, Sergey Nuyanzin wrote:

still checking
however there is at least one finding I would like to highlight
currently elasticsearch connector depends on jackson-bom 2.13.2.20220328
which has 2 CVEs CVE-2022-42003[1] CVE-2022-42004[2] fixed in
2.13.4.20221013 [3]
Does it make sense to include it in this version?

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
[3]


https://github.com/FasterXML/jackson-databind/issues/3590#issue-1362567066

On Wed, Nov 2, 2022 at 12:01 PM Chesnay Schepler <ches...@apache.org>

wrote:

Hi everyone,
Please review and vote on the release candidate #1 for the version
3.0.0, as follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)

The complete staging area is available for your review, which includes:
* JIRA release notes [1],
* the official Apache source release to be deployed to dist.apache.org
[2], which are signed with the key with fingerprint C2EED7B111D464BA

[3],

* all artifacts to be deployed to the Maven Central Repository [4],
* source code tag [5],
* website pull request listing the new release [6].

The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.

Note: This is the first release of an externalized connector, relying on
a new set of scripts. Double-check _everything_.

    Thanks,
Release Manager

[1] https://issues.apache.org/jira/projects/FLINK/versions/12352291
[2]



https://dist.apache.org/repos/dist/dev/flink/flink-connector-elasticsearch-3.0.0-rc1/

[3] https://dist.apache.org/repos/dist/release/flink/KEYS
[4]
https://repository.apache.org/content/repositories/orgapacheflink-1543/
[5]



https://github.com/apache/flink-connector-elasticsearch/releases/tag/v3.0.0-rc1

[6] https://github.com/apache/flink-web/pull/579

Reply via email to