Little bit late but +1 non binding, verified the hashes and tested a secure cluster + secure external ZK and some data flows.
On Wed, Dec 15, 2021 at 2:31 PM Joe Witt <joe.w...@gmail.com> wrote: > Apache NiFi Community, > > I am pleased to announce that the 1.15.1 release of Apache NiFi passes with > 6 +1 (binding) votes > 3 +1 (non-binding) votes > 0 0 votes > 0 -1 votes (non-binding) votes > > Thank you all for quickly making this release and vote work out so > quickly. It was a shortened 24 hour vote which I'm closing a bit > early given the language found in policy > https://www.apache.org/foundation/voting.html#ReleaseVotes. Doing > this promptly to get a clear/precise answer to the growing emails, > slack messages, and JIRAs on this topic. > > Here is the PMC vote thread: > https://lists.apache.org/thread/4ypxoxv2fnlh6wm0njjhxvxnfo846330 > > > > On Wed, Dec 15, 2021 at 12:26 PM Joe Witt <joe.w...@gmail.com> wrote: > > > > +1 binding > > > > On Wed, Dec 15, 2021 at 12:25 PM Mark Payne <marka...@hotmail.com> > wrote: > > > > > > +1 (binding) > > > > > > Was able to verify hash & signature. > > > Completed full build w/ all unit tests > > > Ran system tests with all completing successfully > > > > > > Started a standalone instance with OOTB config and verified all was ok > > > > > > Started a secure cluster and ran some dummy flows to ensure that data > was processing as expected. Encountered no issues. > > > > > > Built a dataflow that unpacks the entire archive and recursively > unpacks all nars, jars, tars, gzip, zip, etc. and looks for any > JndiLookup.class files. This way, even if a log4j dependency were shaded, > it would still be flagged. Was able to find that older builds have several > NARs packaged that had a JndiLookup.class but can confirm that this build > contains no instances of it. > > > > > > Thanks for turning around the RC and the vote and performing the RM > duties so quickly Joe! > > > > > > -Mark > > > > > > > > > > On Dec 15, 2021, at 2:02 PM, Joe Gresock <jgres...@gmail.com> wrote: > > > > > > > > +1 (non-binding) -- ran through the release guide and ran a basic > flow with > > > > no problems > > > > > > > > On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <joew...@apache.org> > wrote: > > > > > > > >> Hello, > > > >> > > > >> I am pleased to be calling this vote for the source release of > Apache > > > >> NiFi 1.15.1. > > > >> > > > >> This vote, unlike most, is purely stability and security focused. > > > >> This vote is rooted > > > >> in a prompt response to the 'log4shell' vulnerability and related > > > >> logging announcements. > > > >> It also includes other easy to incorporate bugs and improvements. > It > > > >> should be easy to > > > >> upgrade from any 1.15 install to this and just as easy as it was to > go > > > >> from pre 1.15 to > > > >> this 1.15.1. > > > >> > > > >> The source zip, including signatures, digests, etc. can be found at: > > > >> > https://repository.apache.org/content/repositories/orgapachenifi-1192 > > > >> > > > >> The source being voted upon and the convenience binaries can be > found at: > > > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/ > > > >> > > > >> A helpful reminder on how the release candidate verification > process works: > > > >> > > > >> > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate > > > >> > > > >> The Git tag is nifi-1.15.1-RC1 > > > >> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02 > > > >> > > > >> > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02 > > > >> > > > >> Checksums of nifi-1.15.1-source-release.zip: > > > >> SHA256: > 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52 > > > >> SHA512: > > > >> > 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039 > > > >> > > > >> Release artifacts are signed with the following key: > > > >> https://people.apache.org/keys/committer/joewitt.asc > > > >> > > > >> KEYS file available here: > > > >> https://dist.apache.org/repos/dist/release/nifi/KEYS > > > >> > > > >> 45 issues were closed/resolved for this release: > > > >> > > > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055 > > > >> > > > >> Release note highlights can be found here: > > > >> > > > >> > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1 > > > >> > > > >> Given the nature of the vote being about a prompt release to remove > > > >> vulnerable > > > >> logging related libraries the vote will be open for 24 hours > (instead > > > >> of the normal 72 hours). > > > >> > > > >> Please download the release candidate and evaluate the necessary > items > > > >> including checking hashes, signatures, build from source, and test. > > > >> Then please vote: > > > >> > > > >> [ ] +1 Release this package as nifi-1.15.1 > > > >> [ ] +0 no opinion > > > >> [ ] -1 Do not release this package because... > > > >> > > > >