+1 (non-binding) - Verified signatures and hashes. - Built from source with OpenJDK 8 and OpenJDK 11. - Ran and tested a couple of flows. - Checked the dependency does not include log4j less than 2.16.0.
Thank you for managing the release, Joe! Thanks, Kotaro On Wed, Dec 15, 2021 at 12:35 PM Joe Witt <joew...@apache.org> wrote: > Hello, > > I am pleased to be calling this vote for the source release of Apache > NiFi 1.15.1. > > This vote, unlike most, is purely stability and security focused. > This vote is rooted > in a prompt response to the 'log4shell' vulnerability and related > logging announcements. > It also includes other easy to incorporate bugs and improvements. It > should be easy to > upgrade from any 1.15 install to this and just as easy as it was to go > from pre 1.15 to > this 1.15.1. > > The source zip, including signatures, digests, etc. can be found at: > https://repository.apache.org/content/repositories/orgapachenifi-1192 > > The source being voted upon and the convenience binaries can be found at: > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/ > > A helpful reminder on how the release candidate verification process works: > > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate > > The Git tag is nifi-1.15.1-RC1 > The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02 > > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02 > > Checksums of nifi-1.15.1-source-release.zip: > SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52 > SHA512: > 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039 > > Release artifacts are signed with the following key: > https://people.apache.org/keys/committer/joewitt.asc > > KEYS file available here: > https://dist.apache.org/repos/dist/release/nifi/KEYS > > 45 issues were closed/resolved for this release: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055 > > Release note highlights can be found here: > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1 > > Given the nature of the vote being about a prompt release to remove > vulnerable > logging related libraries the vote will be open for 24 hours (instead > of the normal 72 hours). > > Please download the release candidate and evaluate the necessary items > including checking hashes, signatures, build from source, and test. > Then please vote: > > [ ] +1 Release this package as nifi-1.15.1 > [ ] +0 no opinion > [ ] -1 Do not release this package because... >