+1 (binding) - Verified hashes and signatures - Built from source on Ubuntu 21.10 Azul Zulu 1.8.0.312 - Ran NiFi on Azul Zulu 1.8.0.312 - Verified Single User Authentication and credentials configuration
- NIFI-9483 Verified the absence of Apache Log4j 2 log4j-core in binary distribution - NIFI-9491 Verified the absence of Apache commons-logging in binary distribution - NIFI-9497 Verified Bouncy Castle libraries upgraded to 1.70 - NIFI-9505 Verified Apache Log4j 2 log4-api upgraded to 2.17.0 - NIFI-9507 Verified that SFTP processors stop Keep Alive Threads on failures and run when expected - NIFI-9509 Verified successful SFTP retrieval and renaming using AWS Transfer Family SFTP Server as well as Linux OpenSSH Server Thanks for the quick turnaround on this release Joe! Regards, David Handermann On Tue, Dec 21, 2021 at 8:19 PM Mark Payne <marka...@hotmail.com> wrote: > +1 (binding) > > Verified hashes > Verified signature > Performed full build & verified all unit tests on OS X, OpenJDK 1.8.0 u265 > Successfully ran all 128 System Tests > > Started single standalone instance and verified a few different flows > > Started a two-node secured cluster, did basic verification of permissions, > dataflow running, etc. > > Verified that the convenience binary does not contain the log4j jar in the > lib/ directory or packaged in any NAR. > Verified that the convenience binary does not contain the JndiLookup class > (shaded or otherwise) > > Thanks for putting together another RC Joe! > > Thanks > -Mark > > > On Dec 21, 2021, at 5:51 PM, Joe Witt <joew...@apache.org> wrote: > > > > Hello, > > > > I am pleased to be calling this vote for the source release of Apache > > NiFi 1.15.2. > > > > This vote is purely bug fix and security focused. This is a > > continuation of our efforts to promptly and thoroughly respond to > > log4shell and related concerns. > > > > The source zip, including signatures, digests, etc. can be found at: > > https://repository.apache.org/content/repositories/orgapachenifi-1193 > > > > The source being voted upon and the convenience binaries can be found at: > > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.2/ > > > > A helpful reminder on how the release candidate verification process > works: > > > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate > > > > The Git tag is nifi-1.15.2-RC1 > > The Git commit ID is 1ea460b8556b07057366abb74a5552ace8946e87 > > > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=1ea460b8556b07057366abb74a5552ace8946e87 > > > > Checksums of nifi-1.15.2-source-release.zip: > > SHA256: 29fcc35c81de80e0fe3f59044e6fbf21bcf523e656aa64914e7546e1d7705e6b > > SHA512: > cabd1f1ad4942a61df0400488d35521202598c217ad8da97dc2d5abe21136604d1f1bb3de9ceb63bb441943de2e29e3515f5cf63607080094e1418d79eb5216b > > > > Release artifacts are signed with the following key: > > https://people.apache.org/keys/committer/joewitt.asc > > > > KEYS file available here: > > https://dist.apache.org/repos/dist/release/nifi/KEYS > > > > 8 issues were closed/resolved for this release: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351132 > > > > Release note highlights can be found here: > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.2 > > > > Given the nature of the vote and its limited scope > > the vote will be open for 24 hours or until we have sufficient > > votes (instead of the normal 72 hours). > > > > Please download the release candidate and evaluate the necessary items > > including checking hashes, signatures, build from source, and test. > > Then please vote: > > > > [ ] +1 Release this package as nifi-1.15.2 > > [ ] +0 no opinion > > [ ] -1 Do not release this package because... > >
