You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Joe Witt <jo...@apache.org> on 2021/12/15 03:34:54 UTC

[VOTE] Release Apache NiFi 1.15.1 (rc1)

Hello,

I am pleased to be calling this vote for the source release of Apache
NiFi 1.15.1.

This vote, unlike most, is purely stability and security focused.
This vote is rooted
in a prompt response to the 'log4shell' vulnerability and related
logging announcements.
It also includes other easy to incorporate bugs and improvements.  It
should be easy to
upgrade from any 1.15 install to this and just as easy as it was to go
from pre 1.15 to
this 1.15.1.

The source zip, including signatures, digests, etc. can be found at:
https://repository.apache.org/content/repositories/orgapachenifi-1192

The source being voted upon and the convenience binaries can be found at:
https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/

A helpful reminder on how the release candidate verification process works:
https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate

The Git tag is nifi-1.15.1-RC1
The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02

Checksums of nifi-1.15.1-source-release.zip:
SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
SHA512: 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/joewitt.asc

KEYS file available here:
https://dist.apache.org/repos/dist/release/nifi/KEYS

45 issues were closed/resolved for this release:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055

Release note highlights can be found here:
https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1

Given the nature of the vote being about a prompt release to remove vulnerable
logging related libraries the vote will be open for 24 hours (instead
of the normal 72 hours).

Please download the release candidate and evaluate the necessary items
including checking hashes, signatures, build from source, and test.
Then please vote:

[ ] +1 Release this package as nifi-1.15.1
[ ] +0 no opinion
[ ] -1 Do not release this package because...

Re: [RESULT][VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Nathan Gough <th...@gmail.com>.

Little bit late but +1 non binding, verified the hashes and tested a secure
cluster + secure external ZK and some data flows.

On Wed, Dec 15, 2021 at 2:31 PM Joe Witt <jo...@gmail.com> wrote:

> Apache NiFi Community,
>
> I am pleased to announce that the 1.15.1 release of Apache NiFi passes with
>     6 +1 (binding) votes
>     3 +1 (non-binding) votes
>     0 0 votes
>     0 -1 votes (non-binding) votes
>
> Thank you all for quickly making this release and vote work out so
> quickly.  It was a shortened 24 hour vote which I'm closing a bit
> early given the language found in policy
> https://www.apache.org/foundation/voting.html#ReleaseVotes.  Doing
> this promptly to get a clear/precise answer to the growing emails,
> slack messages, and JIRAs on this topic.
>
> Here is the PMC vote thread:
> https://lists.apache.org/thread/4ypxoxv2fnlh6wm0njjhxvxnfo846330
>
>
>
> On Wed, Dec 15, 2021 at 12:26 PM Joe Witt <jo...@gmail.com> wrote:
> >
> > +1 binding
> >
> > On Wed, Dec 15, 2021 at 12:25 PM Mark Payne <ma...@hotmail.com>
> wrote:
> > >
> > > +1 (binding)
> > >
> > > Was able to verify hash & signature.
> > > Completed full build w/ all unit tests
> > > Ran system tests with all completing successfully
> > >
> > > Started a standalone instance with OOTB config and verified all was ok
> > >
> > > Started a secure cluster and ran some dummy flows to ensure that data
> was processing as expected. Encountered no issues.
> > >
> > > Built a dataflow that unpacks the entire archive and recursively
> unpacks all nars, jars, tars, gzip, zip, etc. and looks for any
> JndiLookup.class files. This way, even if a log4j dependency were shaded,
> it would still be flagged. Was able to find that older builds have several
> NARs packaged that had a JndiLookup.class but can confirm that this build
> contains no instances of it.
> > >
> > > Thanks for turning around the RC and the vote and performing the RM
> duties so quickly Joe!
> > >
> > > -Mark
> > >
> > >
> > > > On Dec 15, 2021, at 2:02 PM, Joe Gresock <jg...@gmail.com> wrote:
> > > >
> > > > +1 (non-binding) -- ran through the release guide and ran a basic
> flow with
> > > > no problems
> > > >
> > > > On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org>
> wrote:
> > > >
> > > >> Hello,
> > > >>
> > > >> I am pleased to be calling this vote for the source release of
> Apache
> > > >> NiFi 1.15.1.
> > > >>
> > > >> This vote, unlike most, is purely stability and security focused.
> > > >> This vote is rooted
> > > >> in a prompt response to the 'log4shell' vulnerability and related
> > > >> logging announcements.
> > > >> It also includes other easy to incorporate bugs and improvements.
> It
> > > >> should be easy to
> > > >> upgrade from any 1.15 install to this and just as easy as it was to
> go
> > > >> from pre 1.15 to
> > > >> this 1.15.1.
> > > >>
> > > >> The source zip, including signatures, digests, etc. can be found at:
> > > >>
> https://repository.apache.org/content/repositories/orgapachenifi-1192
> > > >>
> > > >> The source being voted upon and the convenience binaries can be
> found at:
> > > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> > > >>
> > > >> A helpful reminder on how the release candidate verification
> process works:
> > > >>
> > > >>
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> > > >>
> > > >> The Git tag is nifi-1.15.1-RC1
> > > >> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> > > >>
> > > >>
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> > > >>
> > > >> Checksums of nifi-1.15.1-source-release.zip:
> > > >> SHA256:
> 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> > > >> SHA512:
> > > >>
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> > > >>
> > > >> Release artifacts are signed with the following key:
> > > >> https://people.apache.org/keys/committer/joewitt.asc
> > > >>
> > > >> KEYS file available here:
> > > >> https://dist.apache.org/repos/dist/release/nifi/KEYS
> > > >>
> > > >> 45 issues were closed/resolved for this release:
> > > >>
> > > >>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> > > >>
> > > >> Release note highlights can be found here:
> > > >>
> > > >>
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> > > >>
> > > >> Given the nature of the vote being about a prompt release to remove
> > > >> vulnerable
> > > >> logging related libraries the vote will be open for 24 hours
> (instead
> > > >> of the normal 72 hours).
> > > >>
> > > >> Please download the release candidate and evaluate the necessary
> items
> > > >> including checking hashes, signatures, build from source, and test.
> > > >> Then please vote:
> > > >>
> > > >> [ ] +1 Release this package as nifi-1.15.1
> > > >> [ ] +0 no opinion
> > > >> [ ] -1 Do not release this package because...
> > > >>
> > >
>

[RESULT][VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Joe Witt <jo...@gmail.com>.

Apache NiFi Community,

I am pleased to announce that the 1.15.1 release of Apache NiFi passes with
    6 +1 (binding) votes
    3 +1 (non-binding) votes
    0 0 votes
    0 -1 votes (non-binding) votes

Thank you all for quickly making this release and vote work out so
quickly.  It was a shortened 24 hour vote which I'm closing a bit
early given the language found in policy
https://www.apache.org/foundation/voting.html#ReleaseVotes.  Doing
this promptly to get a clear/precise answer to the growing emails,
slack messages, and JIRAs on this topic.

Here is the PMC vote thread:
https://lists.apache.org/thread/4ypxoxv2fnlh6wm0njjhxvxnfo846330



On Wed, Dec 15, 2021 at 12:26 PM Joe Witt <jo...@gmail.com> wrote:
>
> +1 binding
>
> On Wed, Dec 15, 2021 at 12:25 PM Mark Payne <ma...@hotmail.com> wrote:
> >
> > +1 (binding)
> >
> > Was able to verify hash & signature.
> > Completed full build w/ all unit tests
> > Ran system tests with all completing successfully
> >
> > Started a standalone instance with OOTB config and verified all was ok
> >
> > Started a secure cluster and ran some dummy flows to ensure that data was processing as expected. Encountered no issues.
> >
> > Built a dataflow that unpacks the entire archive and recursively unpacks all nars, jars, tars, gzip, zip, etc. and looks for any JndiLookup.class files. This way, even if a log4j dependency were shaded, it would still be flagged. Was able to find that older builds have several NARs packaged that had a JndiLookup.class but can confirm that this build contains no instances of it.
> >
> > Thanks for turning around the RC and the vote and performing the RM duties so quickly Joe!
> >
> > -Mark
> >
> >
> > > On Dec 15, 2021, at 2:02 PM, Joe Gresock <jg...@gmail.com> wrote:
> > >
> > > +1 (non-binding) -- ran through the release guide and ran a basic flow with
> > > no problems
> > >
> > > On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:
> > >
> > >> Hello,
> > >>
> > >> I am pleased to be calling this vote for the source release of Apache
> > >> NiFi 1.15.1.
> > >>
> > >> This vote, unlike most, is purely stability and security focused.
> > >> This vote is rooted
> > >> in a prompt response to the 'log4shell' vulnerability and related
> > >> logging announcements.
> > >> It also includes other easy to incorporate bugs and improvements.  It
> > >> should be easy to
> > >> upgrade from any 1.15 install to this and just as easy as it was to go
> > >> from pre 1.15 to
> > >> this 1.15.1.
> > >>
> > >> The source zip, including signatures, digests, etc. can be found at:
> > >> https://repository.apache.org/content/repositories/orgapachenifi-1192
> > >>
> > >> The source being voted upon and the convenience binaries can be found at:
> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> > >>
> > >> A helpful reminder on how the release candidate verification process works:
> > >>
> > >> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> > >>
> > >> The Git tag is nifi-1.15.1-RC1
> > >> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> > >>
> > >> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> > >>
> > >> Checksums of nifi-1.15.1-source-release.zip:
> > >> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> > >> SHA512:
> > >> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> > >>
> > >> Release artifacts are signed with the following key:
> > >> https://people.apache.org/keys/committer/joewitt.asc
> > >>
> > >> KEYS file available here:
> > >> https://dist.apache.org/repos/dist/release/nifi/KEYS
> > >>
> > >> 45 issues were closed/resolved for this release:
> > >>
> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> > >>
> > >> Release note highlights can be found here:
> > >>
> > >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> > >>
> > >> Given the nature of the vote being about a prompt release to remove
> > >> vulnerable
> > >> logging related libraries the vote will be open for 24 hours (instead
> > >> of the normal 72 hours).
> > >>
> > >> Please download the release candidate and evaluate the necessary items
> > >> including checking hashes, signatures, build from source, and test.
> > >> Then please vote:
> > >>
> > >> [ ] +1 Release this package as nifi-1.15.1
> > >> [ ] +0 no opinion
> > >> [ ] -1 Do not release this package because...
> > >>
> >

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Joe Witt <jo...@gmail.com>.

+1 binding

On Wed, Dec 15, 2021 at 12:25 PM Mark Payne <ma...@hotmail.com> wrote:
>
> +1 (binding)
>
> Was able to verify hash & signature.
> Completed full build w/ all unit tests
> Ran system tests with all completing successfully
>
> Started a standalone instance with OOTB config and verified all was ok
>
> Started a secure cluster and ran some dummy flows to ensure that data was processing as expected. Encountered no issues.
>
> Built a dataflow that unpacks the entire archive and recursively unpacks all nars, jars, tars, gzip, zip, etc. and looks for any JndiLookup.class files. This way, even if a log4j dependency were shaded, it would still be flagged. Was able to find that older builds have several NARs packaged that had a JndiLookup.class but can confirm that this build contains no instances of it.
>
> Thanks for turning around the RC and the vote and performing the RM duties so quickly Joe!
>
> -Mark
>
>
> > On Dec 15, 2021, at 2:02 PM, Joe Gresock <jg...@gmail.com> wrote:
> >
> > +1 (non-binding) -- ran through the release guide and ran a basic flow with
> > no problems
> >
> > On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:
> >
> >> Hello,
> >>
> >> I am pleased to be calling this vote for the source release of Apache
> >> NiFi 1.15.1.
> >>
> >> This vote, unlike most, is purely stability and security focused.
> >> This vote is rooted
> >> in a prompt response to the 'log4shell' vulnerability and related
> >> logging announcements.
> >> It also includes other easy to incorporate bugs and improvements.  It
> >> should be easy to
> >> upgrade from any 1.15 install to this and just as easy as it was to go
> >> from pre 1.15 to
> >> this 1.15.1.
> >>
> >> The source zip, including signatures, digests, etc. can be found at:
> >> https://repository.apache.org/content/repositories/orgapachenifi-1192
> >>
> >> The source being voted upon and the convenience binaries can be found at:
> >> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> >>
> >> A helpful reminder on how the release candidate verification process works:
> >>
> >> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> >>
> >> The Git tag is nifi-1.15.1-RC1
> >> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> >>
> >> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> >>
> >> Checksums of nifi-1.15.1-source-release.zip:
> >> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> >> SHA512:
> >> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> >>
> >> Release artifacts are signed with the following key:
> >> https://people.apache.org/keys/committer/joewitt.asc
> >>
> >> KEYS file available here:
> >> https://dist.apache.org/repos/dist/release/nifi/KEYS
> >>
> >> 45 issues were closed/resolved for this release:
> >>
> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> >>
> >> Release note highlights can be found here:
> >>
> >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> >>
> >> Given the nature of the vote being about a prompt release to remove
> >> vulnerable
> >> logging related libraries the vote will be open for 24 hours (instead
> >> of the normal 72 hours).
> >>
> >> Please download the release candidate and evaluate the necessary items
> >> including checking hashes, signatures, build from source, and test.
> >> Then please vote:
> >>
> >> [ ] +1 Release this package as nifi-1.15.1
> >> [ ] +0 no opinion
> >> [ ] -1 Do not release this package because...
> >>
>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Mark Payne <ma...@hotmail.com>.

+1 (binding)

Was able to verify hash & signature.
Completed full build w/ all unit tests
Ran system tests with all completing successfully

Started a standalone instance with OOTB config and verified all was ok

Started a secure cluster and ran some dummy flows to ensure that data was processing as expected. Encountered no issues.

Built a dataflow that unpacks the entire archive and recursively unpacks all nars, jars, tars, gzip, zip, etc. and looks for any JndiLookup.class files. This way, even if a log4j dependency were shaded, it would still be flagged. Was able to find that older builds have several NARs packaged that had a JndiLookup.class but can confirm that this build contains no instances of it.

Thanks for turning around the RC and the vote and performing the RM duties so quickly Joe!

-Mark


> On Dec 15, 2021, at 2:02 PM, Joe Gresock <jg...@gmail.com> wrote:
> 
> +1 (non-binding) -- ran through the release guide and ran a basic flow with
> no problems
> 
> On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:
> 
>> Hello,
>> 
>> I am pleased to be calling this vote for the source release of Apache
>> NiFi 1.15.1.
>> 
>> This vote, unlike most, is purely stability and security focused.
>> This vote is rooted
>> in a prompt response to the 'log4shell' vulnerability and related
>> logging announcements.
>> It also includes other easy to incorporate bugs and improvements.  It
>> should be easy to
>> upgrade from any 1.15 install to this and just as easy as it was to go
>> from pre 1.15 to
>> this 1.15.1.
>> 
>> The source zip, including signatures, digests, etc. can be found at:
>> https://repository.apache.org/content/repositories/orgapachenifi-1192
>> 
>> The source being voted upon and the convenience binaries can be found at:
>> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
>> 
>> A helpful reminder on how the release candidate verification process works:
>> 
>> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
>> 
>> The Git tag is nifi-1.15.1-RC1
>> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
>> 
>> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
>> 
>> Checksums of nifi-1.15.1-source-release.zip:
>> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
>> SHA512:
>> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
>> 
>> Release artifacts are signed with the following key:
>> https://people.apache.org/keys/committer/joewitt.asc
>> 
>> KEYS file available here:
>> https://dist.apache.org/repos/dist/release/nifi/KEYS
>> 
>> 45 issues were closed/resolved for this release:
>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
>> 
>> Release note highlights can be found here:
>> 
>> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
>> 
>> Given the nature of the vote being about a prompt release to remove
>> vulnerable
>> logging related libraries the vote will be open for 24 hours (instead
>> of the normal 72 hours).
>> 
>> Please download the release candidate and evaluate the necessary items
>> including checking hashes, signatures, build from source, and test.
>> Then please vote:
>> 
>> [ ] +1 Release this package as nifi-1.15.1
>> [ ] +0 no opinion
>> [ ] -1 Do not release this package because...
>>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Joe Gresock <jg...@gmail.com>.

+1 (non-binding) -- ran through the release guide and ran a basic flow with
no problems

On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:

> Hello,
>
> I am pleased to be calling this vote for the source release of Apache
> NiFi 1.15.1.
>
> This vote, unlike most, is purely stability and security focused.
> This vote is rooted
> in a prompt response to the 'log4shell' vulnerability and related
> logging announcements.
> It also includes other easy to incorporate bugs and improvements.  It
> should be easy to
> upgrade from any 1.15 install to this and just as easy as it was to go
> from pre 1.15 to
> this 1.15.1.
>
> The source zip, including signatures, digests, etc. can be found at:
> https://repository.apache.org/content/repositories/orgapachenifi-1192
>
> The source being voted upon and the convenience binaries can be found at:
> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
>
> A helpful reminder on how the release candidate verification process works:
>
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
>
> The Git tag is nifi-1.15.1-RC1
> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
>
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
>
> Checksums of nifi-1.15.1-source-release.zip:
> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> SHA512:
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/joewitt.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/nifi/KEYS
>
> 45 issues were closed/resolved for this release:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
>
> Release note highlights can be found here:
>
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
>
> Given the nature of the vote being about a prompt release to remove
> vulnerable
> logging related libraries the vote will be open for 24 hours (instead
> of the normal 72 hours).
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test.
> Then please vote:
>
> [ ] +1 Release this package as nifi-1.15.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because...
>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Matt Burgess <ma...@apache.org>.

+1 (binding)

Ran through release helper, tested various flows and components
including LogAttribute, InvokeScriptedProcessor, etc. Everything looks
good. Thanks for RM'ing and the quick turnaround Joe!

On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:
>
> Hello,
>
> I am pleased to be calling this vote for the source release of Apache
> NiFi 1.15.1.
>
> This vote, unlike most, is purely stability and security focused.
> This vote is rooted
> in a prompt response to the 'log4shell' vulnerability and related
> logging announcements.
> It also includes other easy to incorporate bugs and improvements.  It
> should be easy to
> upgrade from any 1.15 install to this and just as easy as it was to go
> from pre 1.15 to
> this 1.15.1.
>
> The source zip, including signatures, digests, etc. can be found at:
> https://repository.apache.org/content/repositories/orgapachenifi-1192
>
> The source being voted upon and the convenience binaries can be found at:
> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
>
> A helpful reminder on how the release candidate verification process works:
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
>
> The Git tag is nifi-1.15.1-RC1
> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
>
> Checksums of nifi-1.15.1-source-release.zip:
> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> SHA512: 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/joewitt.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/nifi/KEYS
>
> 45 issues were closed/resolved for this release:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
>
> Release note highlights can be found here:
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
>
> Given the nature of the vote being about a prompt release to remove vulnerable
> logging related libraries the vote will be open for 24 hours (instead
> of the normal 72 hours).
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test.
> Then please vote:
>
> [ ] +1 Release this package as nifi-1.15.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because...

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Chris Sampson <ch...@naimuri.com.INVALID>.

+1 (non-binding)

- ran through the release helper
- ran some simple flows with a couple of the new features/bug fixes to
verify

However, I note that there's a Dependabot notice in the GitHub repo
currently for log4j dependencies nested within the Elasticsearch NARs - it
may not be a problem, but thought worth pointing out.


---
*Chris Sampson*
IT Consultant
chris.sampson@naimuri.com


On Wed, 15 Dec 2021 at 09:57, Pierre Villard <pi...@gmail.com>
wrote:

> +1 (binding)
>
> Went through the usual steps.
> Thanks for taking care of this so quickly!
>
> Pierre
>
> Le mer. 15 déc. 2021 à 10:55, Kotaro Terada <ko...@apache.org> a écrit :
>
> > +1 (non-binding)
> >
> > - Verified signatures and hashes.
> > - Built from source with OpenJDK 8 and OpenJDK 11.
> > - Ran and tested a couple of flows.
> > - Checked the dependency does not include log4j less than 2.16.0.
> >
> > Thank you for managing the release, Joe!
> >
> > Thanks,
> > Kotaro
> >
> >
> > On Wed, Dec 15, 2021 at 12:35 PM Joe Witt <jo...@apache.org> wrote:
> >
> > > Hello,
> > >
> > > I am pleased to be calling this vote for the source release of Apache
> > > NiFi 1.15.1.
> > >
> > > This vote, unlike most, is purely stability and security focused.
> > > This vote is rooted
> > > in a prompt response to the 'log4shell' vulnerability and related
> > > logging announcements.
> > > It also includes other easy to incorporate bugs and improvements.  It
> > > should be easy to
> > > upgrade from any 1.15 install to this and just as easy as it was to go
> > > from pre 1.15 to
> > > this 1.15.1.
> > >
> > > The source zip, including signatures, digests, etc. can be found at:
> > > https://repository.apache.org/content/repositories/orgapachenifi-1192
> > >
> > > The source being voted upon and the convenience binaries can be found
> at:
> > > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> > >
> > > A helpful reminder on how the release candidate verification process
> > works:
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> > >
> > > The Git tag is nifi-1.15.1-RC1
> > > The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> > >
> > >
> >
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> > >
> > > Checksums of nifi-1.15.1-source-release.zip:
> > > SHA256:
> 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> > > SHA512:
> > >
> >
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> > >
> > > Release artifacts are signed with the following key:
> > > https://people.apache.org/keys/committer/joewitt.asc
> > >
> > > KEYS file available here:
> > > https://dist.apache.org/repos/dist/release/nifi/KEYS
> > >
> > > 45 issues were closed/resolved for this release:
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> > >
> > > Release note highlights can be found here:
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> > >
> > > Given the nature of the vote being about a prompt release to remove
> > > vulnerable
> > > logging related libraries the vote will be open for 24 hours (instead
> > > of the normal 72 hours).
> > >
> > > Please download the release candidate and evaluate the necessary items
> > > including checking hashes, signatures, build from source, and test.
> > > Then please vote:
> > >
> > > [ ] +1 Release this package as nifi-1.15.1
> > > [ ] +0 no opinion
> > > [ ] -1 Do not release this package because...
> > >
> >
>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Pierre Villard <pi...@gmail.com>.

+1 (binding)

Went through the usual steps.
Thanks for taking care of this so quickly!

Pierre

Le mer. 15 déc. 2021 à 10:55, Kotaro Terada <ko...@apache.org> a écrit :

> +1 (non-binding)
>
> - Verified signatures and hashes.
> - Built from source with OpenJDK 8 and OpenJDK 11.
> - Ran and tested a couple of flows.
> - Checked the dependency does not include log4j less than 2.16.0.
>
> Thank you for managing the release, Joe!
>
> Thanks,
> Kotaro
>
>
> On Wed, Dec 15, 2021 at 12:35 PM Joe Witt <jo...@apache.org> wrote:
>
> > Hello,
> >
> > I am pleased to be calling this vote for the source release of Apache
> > NiFi 1.15.1.
> >
> > This vote, unlike most, is purely stability and security focused.
> > This vote is rooted
> > in a prompt response to the 'log4shell' vulnerability and related
> > logging announcements.
> > It also includes other easy to incorporate bugs and improvements.  It
> > should be easy to
> > upgrade from any 1.15 install to this and just as easy as it was to go
> > from pre 1.15 to
> > this 1.15.1.
> >
> > The source zip, including signatures, digests, etc. can be found at:
> > https://repository.apache.org/content/repositories/orgapachenifi-1192
> >
> > The source being voted upon and the convenience binaries can be found at:
> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> >
> > A helpful reminder on how the release candidate verification process
> works:
> >
> >
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> >
> > The Git tag is nifi-1.15.1-RC1
> > The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> >
> >
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> >
> > Checksums of nifi-1.15.1-source-release.zip:
> > SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> > SHA512:
> >
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> >
> > Release artifacts are signed with the following key:
> > https://people.apache.org/keys/committer/joewitt.asc
> >
> > KEYS file available here:
> > https://dist.apache.org/repos/dist/release/nifi/KEYS
> >
> > 45 issues were closed/resolved for this release:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> >
> > Release note highlights can be found here:
> >
> >
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> >
> > Given the nature of the vote being about a prompt release to remove
> > vulnerable
> > logging related libraries the vote will be open for 24 hours (instead
> > of the normal 72 hours).
> >
> > Please download the release candidate and evaluate the necessary items
> > including checking hashes, signatures, build from source, and test.
> > Then please vote:
> >
> > [ ] +1 Release this package as nifi-1.15.1
> > [ ] +0 no opinion
> > [ ] -1 Do not release this package because...
> >
>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Kotaro Terada <ko...@apache.org>.

+1 (non-binding)

- Verified signatures and hashes.
- Built from source with OpenJDK 8 and OpenJDK 11.
- Ran and tested a couple of flows.
- Checked the dependency does not include log4j less than 2.16.0.

Thank you for managing the release, Joe!

Thanks,
Kotaro


On Wed, Dec 15, 2021 at 12:35 PM Joe Witt <jo...@apache.org> wrote:

> Hello,
>
> I am pleased to be calling this vote for the source release of Apache
> NiFi 1.15.1.
>
> This vote, unlike most, is purely stability and security focused.
> This vote is rooted
> in a prompt response to the 'log4shell' vulnerability and related
> logging announcements.
> It also includes other easy to incorporate bugs and improvements.  It
> should be easy to
> upgrade from any 1.15 install to this and just as easy as it was to go
> from pre 1.15 to
> this 1.15.1.
>
> The source zip, including signatures, digests, etc. can be found at:
> https://repository.apache.org/content/repositories/orgapachenifi-1192
>
> The source being voted upon and the convenience binaries can be found at:
> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
>
> A helpful reminder on how the release candidate verification process works:
>
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
>
> The Git tag is nifi-1.15.1-RC1
> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
>
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
>
> Checksums of nifi-1.15.1-source-release.zip:
> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> SHA512:
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/joewitt.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/nifi/KEYS
>
> 45 issues were closed/resolved for this release:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
>
> Release note highlights can be found here:
>
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
>
> Given the nature of the vote being about a prompt release to remove
> vulnerable
> logging related libraries the vote will be open for 24 hours (instead
> of the normal 72 hours).
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test.
> Then please vote:
>
> [ ] +1 Release this package as nifi-1.15.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because...
>

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Marton Szasz <sz...@apache.org>.

+1 (binding)
Went through the release helper guide, tested with a simple flow.
Thanks for rapidly preparing a release!

Marton

On Wed, 15 Dec 2021 at 16:59, Matt Gilman <ma...@gmail.com> wrote:
>
> +1 (binding)
>
> Ran through the release helper. Looks great.
>
> Thanks for RMing Joe!
>
> On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:
>
> > Hello,
> >
> > I am pleased to be calling this vote for the source release of Apache
> > NiFi 1.15.1.
> >
> > This vote, unlike most, is purely stability and security focused.
> > This vote is rooted
> > in a prompt response to the 'log4shell' vulnerability and related
> > logging announcements.
> > It also includes other easy to incorporate bugs and improvements.  It
> > should be easy to
> > upgrade from any 1.15 install to this and just as easy as it was to go
> > from pre 1.15 to
> > this 1.15.1.
> >
> > The source zip, including signatures, digests, etc. can be found at:
> > https://repository.apache.org/content/repositories/orgapachenifi-1192
> >
> > The source being voted upon and the convenience binaries can be found at:
> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
> >
> > A helpful reminder on how the release candidate verification process works:
> >
> > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
> >
> > The Git tag is nifi-1.15.1-RC1
> > The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
> >
> > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
> >
> > Checksums of nifi-1.15.1-source-release.zip:
> > SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> > SHA512:
> > 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
> >
> > Release artifacts are signed with the following key:
> > https://people.apache.org/keys/committer/joewitt.asc
> >
> > KEYS file available here:
> > https://dist.apache.org/repos/dist/release/nifi/KEYS
> >
> > 45 issues were closed/resolved for this release:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
> >
> > Release note highlights can be found here:
> >
> > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
> >
> > Given the nature of the vote being about a prompt release to remove
> > vulnerable
> > logging related libraries the vote will be open for 24 hours (instead
> > of the normal 72 hours).
> >
> > Please download the release candidate and evaluate the necessary items
> > including checking hashes, signatures, build from source, and test.
> > Then please vote:
> >
> > [ ] +1 Release this package as nifi-1.15.1
> > [ ] +0 no opinion
> > [ ] -1 Do not release this package because...
> >

Re: [VOTE] Release Apache NiFi 1.15.1 (rc1)

Posted by Matt Gilman <ma...@gmail.com>.

+1 (binding)

Ran through the release helper. Looks great.

Thanks for RMing Joe!

On Tue, Dec 14, 2021 at 10:35 PM Joe Witt <jo...@apache.org> wrote:

> Hello,
>
> I am pleased to be calling this vote for the source release of Apache
> NiFi 1.15.1.
>
> This vote, unlike most, is purely stability and security focused.
> This vote is rooted
> in a prompt response to the 'log4shell' vulnerability and related
> logging announcements.
> It also includes other easy to incorporate bugs and improvements.  It
> should be easy to
> upgrade from any 1.15 install to this and just as easy as it was to go
> from pre 1.15 to
> this 1.15.1.
>
> The source zip, including signatures, digests, etc. can be found at:
> https://repository.apache.org/content/repositories/orgapachenifi-1192
>
> The source being voted upon and the convenience binaries can be found at:
> https://dist.apache.org/repos/dist/dev/nifi/nifi-1.15.1/
>
> A helpful reminder on how the release candidate verification process works:
>
> https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate
>
> The Git tag is nifi-1.15.1-RC1
> The Git commit ID is 2a756372fc7097ece6258c2af47b9a5f26384b02
>
> https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=2a756372fc7097ece6258c2af47b9a5f26384b02
>
> Checksums of nifi-1.15.1-source-release.zip:
> SHA256: 83d06011f0d2608d2d9cf951deae04d7b0921f2a7c8b1052ca9d058cf46b7d52
> SHA512:
> 009161e81e207a16060d9efd37e9b9abd1c1d5b5d57024a2b4c0d0ea17050f65b3a025632718161cba41948fe51d93aed65a4daba2542fce4da51d0184872039
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/joewitt.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/nifi/KEYS
>
> 45 issues were closed/resolved for this release:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12351055
>
> Release note highlights can be found here:
>
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.15.1
>
> Given the nature of the vote being about a prompt release to remove
> vulnerable
> logging related libraries the vote will be open for 24 hours (instead
> of the normal 72 hours).
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test.
> Then please vote:
>
> [ ] +1 Release this package as nifi-1.15.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because...
>