Team, Mike's PR got merged it looks like.
I'm initiating 1.16 RC. For all commits going forward please tag as fix version 1.17 https://issues.apache.org/jira/projects/NIFI/versions/12351438 If we have failed RC's i'll pull things into 1.16 as needed. Thanks On Wed, Mar 9, 2022 at 9:25 AM Joe Witt <joe.w...@gmail.com> wrote: > Mike > > I left a comment on the PR. But as usual with these releases there are > always things that are close/nearly there/just need a review/etc.. If that > or anything else lands by the time the RC is generated then we're good. > > Thanks > > On Wed, Mar 9, 2022 at 9:21 AM Mike Thomsen <mikerthom...@gmail.com> > wrote: > >> Joe, >> >> I would like to see this review closed out before a 1.16 RC if >> possible: https://github.com/apache/nifi/pull/4646 I think it's mainly >> waiting on someone to verify that all of the changes have been made. >> >> Thanks, >> >> Mike >> >> >> On Wed, Mar 9, 2022 at 10:54 AM Joe Witt <joe.w...@gmail.com> wrote: >> > >> > Mark >> > >> > The single user authorizer and default setup install is just to avoid >> > having wide open systems by default. So if you want to make changes to >> > security settings and do it right you dont' use that mode. Happy to >> have >> > improvements within that scope of intent but does not sound like >> anything >> > we'd wait for. When it lands it lands. >> > >> > Thanks >> > >> > On Wed, Mar 9, 2022 at 8:49 AM Mark Bean <mark.o.b...@gmail.com> wrote: >> > >> > > Joe, >> > > >> > > I just discovered an issue yesterday that might need attention first. >> I >> > > haven't investigated fully yet nor created a ticket because I don't >> yet >> > > fully understand it. However, it appears as though the >> > > single-user-authorizer may not be behaving as intended. When I updated >> > > nifi.properties to swap the self-signed, auto-generated keystore and >> > > truststore with "real" ones, single-user became _every_ user. My >> suspicion >> > > is that any user whose browser presents a cert that was signed by a >> CA in >> > > the truststore is allowed in - without even prompting for >> > > username/password. >> > > >> > > It may be considered a configuration error to allow this to happen. >> Still, >> > > this seems like extremely dangerous behavior. >> > > >> > > -Mark >> > > >> > > >> > > On Wed, Mar 9, 2022 at 10:42 AM Joe Witt <joe.w...@gmail.com> wrote: >> > > >> > > > Team >> > > > >> > > > We appear to be at a good point to start pulling together the >> release >> > > > candidate for 1.16. >> > > > >> > > > https://issues.apache.org/jira/projects/NIFI/versions/12350741 >> > > > >> > > > I'm basically waiting for >> > > https://issues.apache.org/jira/browse/NIFI-9761 >> > > > to land then will start pulling together the release. >> > > > >> > > > Thanks >> > > > >> > > > On Mon, Feb 14, 2022 at 11:18 AM Joe Witt <joe.w...@gmail.com> >> wrote: >> > > > >> > > > > Eduardo >> > > > > >> > > > > Getting reviewers on the UI/rest/front-end are among the toughest >> as >> > > > > there just aren't as many of those folks. >> > > > > >> > > > > The reply from Pierre was probably most telling. It looks fine but >> > > > > many of us would pause to merge without knowing precisely what the >> > > > > implications are. What happens on a taxed system with many >> > > > > CSs...I''ll comment on the PR. >> > > > > >> > > > > Thanks >> > > > > Joe >> > > > > >> > > > > On Mon, Feb 14, 2022 at 11:13 AM Eduardo Fontes >> > > > > <eduardo.fon...@gmail.com> wrote: >> > > > > > >> > > > > > Hi All, >> > > > > > >> > > > > > Is it possible to include >> > > > > https://issues.apache.org/jira/browse/NIFI-8927 >> > > > > > in release 1.16? >> > > > > > I've been asking for a review >> > > https://github.com/apache/nifi/pull/5247 >> > > > > > since AUG/2021 and I don't understand why nobody did it. It's a >> > > simple >> > > > > and >> > > > > > useful UI feature. >> > > > > > >> > > > > > Peace out. >> > > > > > Eduardo Fontes >> > > > > >> > > > >> > > >> >
