Thanks for the heads up David. I agree with you, we should include this fix in 1.28.1
I will cancel RC2 and create RC3 soon Regards Ferenc On Thu, Nov 14, 2024 at 5:56 PM David Handermann <exceptionfact...@apache.org> wrote: > > -1 (binding) > > Thanks for preparing the RC2 build, Ferenc. > > The Netty project published CVE-2024-47535 [1] on 2024-11-12 impacting > versions 4.1.114 and earlier. This issue was resolved in version > 4.1.115. Although the attack vector is narrow, as this release is > likely to be the last of the version 1 series, this version should be > upgraded as Netty is a common dependency. > > Regards, > David Handermann > > [1] https://nvd.nist.gov/vuln/detail/CVE-2024-47535 > > On Thu, Nov 14, 2024 at 9:31 AM Ferenc Kis <briansolo1...@apache.org> wrote: > > > > Team, > > > > I am pleased to be calling this vote for the source release of Apache > > NiFi 1.28.1. > > > > Please review the following guide for how to verify a release candidate > > build: > > (please use "export VERSION=1.28.1" in Verification Steps section) > > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Candidate+Verification > > > > The source being voted on the and the convenience binaries are > > available on the Apache Distribution Repository: > > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.28.1 > > > > The build artifacts are available on the Apache Nexus Repository: > > > > https://repository.apache.org/content/repositories/orgapachenifi-1300 > > > > Git Tag: nifi-1.28.1-RC2 > > Git Commit ID: 472b2be3f3f1c9ef8bdf8496e32f6cf62cbcf45b > > GitHub Commit Link: > > https://github.com/apache/nifi/commit/472b2be3f3f1c9ef8bdf8496e32f6cf62cbcf45b > > > > Checksums of nifi-1.28.1-source-release.zip > > > > SHA256: a4e988e9352e797a02e76cd26e7aa0ee15d877ede3c72bd74eaa3134a1e1fc48 > > SHA512: > > cf253629688556eab43fe8a877b9eb414b64d52c8c868a448efbec05267b8f54dbeca1aa925046f64e9dab548bc7f045bb67fdfe1eaf65ac4bf6b676235d6248 > > > > Release artifacts are signed with the following key: > > > > https://people.apache.org/keys/committer/briansolo1985.asc > > > > KEYS file is available on the Apache Distribution Repository: > > > > https://dist.apache.org/repos/dist/release/nifi/KEYS > > > > Issues resolved for this version: 10 > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12355265 > > > > Release note highlights can be found on the project wiki: > > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.28.1 > > > > The vote will be open for 72 hours. > > > > Please download the release candidate and evaluate the necessary items > > including checking hashes, signatures, build from source, and test. > > Then please vote: > > > > [] +1 Release this package as nifi-1.28.1 > > [] +0 no opinion > > [] -1 Do not release this package because...
