I'm in the process of verification, but the dependency-check failed for me with the following error:
*Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341) at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3 (CveDB.java:1298) at java.util.ArrayList.forEach (ArrayList.java:1257) at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes (CveDB.java:1297) at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:880) at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:99) at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139) at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152) at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113) at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40) at java.util.concurrent.FutureTask.run (FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748)* Am I missing something? On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cwy...@apache.org> wrote: > +1 (binding) > > src package: > - verified signature/checksum > - LICENSE/NOTICE present > - compiled, ran checks, unit tests > - built binary distribution, ingested some data and ran some queries > > binary package: > - verified signature/checksum > - LICENSE/NOTICE present > - ingested some data and ran some queries > > docker: > - verified checksum > - started cluster with docker-compose, ingested some data and ran some > queries > > Thanks for putting the release together Jihoon! > > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <jihoon...@apache.org> wrote: > > > Hi all, > > > > I have created a build for Apache Druid 0.21.0, release > > candidate 1. > > > > Thanks for everyone who has helped contribute to the release! You can > read > > the proposed release notes here: > > https://github.com/apache/druid/issues/10752 > > > > The release candidate has been tagged in GitHub as > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8), > > available here: > > https://github.com/apache/druid/releases/tag/druid-0.21.0-rc1 > > > > The artifacts to be voted on are located here: > > https://dist.apache.org/repos/dist/dev/druid/0.21.0-rc1/ > > > > A staged Maven repository is available for review at: > > https://repository.apache.org/content/repositories/orgapachedruid-1023/ > > > > Staged druid.apache.org website documentation is available here: > > https://druid.staged.apache.org/docs/0.21.0/design/index.html > > > > A Docker image containing the binary of the release candidate can be > > retrieved via: > > docker pull apache/druid:0.21.0-rc1 > > > > artifact checksums > > src: > > > > > 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022 > > bin: > > > > > 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1 > > docker: 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78 > > > > Release artifacts are signed with the following key: > > https://people.apache.org/keys/committer/jihoonson.asc > > > > This key and the key of other committers can also be found in the > project's > > KEYS file here: > > https://dist.apache.org/repos/dist/release/druid/KEYS > > > > (If you are a committer, please feel free to add your own key to that > file > > by following the instructions in the file's header.) > > > > > > Verify checksums: > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \ > > cut -d ' ' -f1) \ > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo) > > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \ > > cut -d ' ' -f1) \ > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo) > > > > Verify signatures: > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \ > > apache-druid-0.21.0-src.tar.gz > > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \ > > apache-druid-0.21.0-bin.tar.gz > > > > Please review the proposed artifacts and vote. Note that Apache has > > specific requirements that must be met before +1 binding votes can be > cast > > by PMC members. Please refer to the policy at > > http://www.apache.org/legal/release-policy.html#policy for more details. > > > > As part of the validation process, the release artifacts can be generated > > from source by running: > > mvn clean install -Papache-release,dist -Dgpg.skip > > > > The RAT license check can be run from source by: > > mvn apache-rat:check -Prat > > > > This vote will be open for at least 72 hours. The vote will pass if a > > majority of at least three +1 PMC votes are cast. > > > > [ ] +1 Release this package as Apache Druid 0.21.0 > > [ ] 0 I don't feel strongly about it, but I'm okay with the release > > [ ] -1 Do not release this package because... > > > > Thanks! > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > >
