-1 (binding) Thanks for preparing the RC2 build, Ferenc.
The Netty project published CVE-2024-47535 [1] on 2024-11-12 impacting versions 4.1.114 and earlier. This issue was resolved in version 4.1.115. Although the attack vector is narrow, as this release is likely to be the last of the version 1 series, this version should be upgraded as Netty is a common dependency. Regards, David Handermann [1] https://nvd.nist.gov/vuln/detail/CVE-2024-47535 On Thu, Nov 14, 2024 at 9:31 AM Ferenc Kis <briansolo1...@apache.org> wrote: > > Team, > > I am pleased to be calling this vote for the source release of Apache > NiFi 1.28.1. > > Please review the following guide for how to verify a release candidate build: > (please use "export VERSION=1.28.1" in Verification Steps section) > > https://cwiki.apache.org/confluence/display/NIFI/Release+Candidate+Verification > > The source being voted on the and the convenience binaries are > available on the Apache Distribution Repository: > > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.28.1 > > The build artifacts are available on the Apache Nexus Repository: > > https://repository.apache.org/content/repositories/orgapachenifi-1300 > > Git Tag: nifi-1.28.1-RC2 > Git Commit ID: 472b2be3f3f1c9ef8bdf8496e32f6cf62cbcf45b > GitHub Commit Link: > https://github.com/apache/nifi/commit/472b2be3f3f1c9ef8bdf8496e32f6cf62cbcf45b > > Checksums of nifi-1.28.1-source-release.zip > > SHA256: a4e988e9352e797a02e76cd26e7aa0ee15d877ede3c72bd74eaa3134a1e1fc48 > SHA512: > cf253629688556eab43fe8a877b9eb414b64d52c8c868a448efbec05267b8f54dbeca1aa925046f64e9dab548bc7f045bb67fdfe1eaf65ac4bf6b676235d6248 > > Release artifacts are signed with the following key: > > https://people.apache.org/keys/committer/briansolo1985.asc > > KEYS file is available on the Apache Distribution Repository: > > https://dist.apache.org/repos/dist/release/nifi/KEYS > > Issues resolved for this version: 10 > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12355265 > > Release note highlights can be found on the project wiki: > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.28.1 > > The vote will be open for 72 hours. > > Please download the release candidate and evaluate the necessary items > including checking hashes, signatures, build from source, and test. > Then please vote: > > [] +1 Release this package as nifi-1.28.1 > [] +0 no opinion > [] -1 Do not release this package because...
