You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by Igal Shilman <ig...@apache.org> on 2021/12/16 18:30:05 UTC

[DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Hi All,

Following the recent Apache Flink releases due to the log4j vulnerability,
I'd like to propose an immediate StateFun release - 3.1.1.
This release is basically the same as 3.1 but updates the Flink dependency
to 1.13.3.

Please raise your concerns if any, otherwise we'll proceed with the release.

Thanks,
Igal.

Re: [DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Posted by "Tzu-Li (Gordon) Tai" <tz...@apache.org>.

+1

On Thu, Dec 16, 2021, 10:30 Igal Shilman <ig...@apache.org> wrote:

> Hi All,
>
> Following the recent Apache Flink releases due to the log4j vulnerability,
> I'd like to propose an immediate StateFun release - 3.1.1.
> This release is basically the same as 3.1 but updates the Flink dependency
> to 1.13.3.
>
> Please raise your concerns if any, otherwise we'll proceed with the
> release.
>
> Thanks,
> Igal.
>

Re: [DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Posted by Seth Wiesman <sj...@gmail.com>.

And I'm happy to help with the release.

On Thu, Dec 16, 2021 at 12:55 PM Seth Wiesman <sj...@gmail.com> wrote:

> +1
>
> On Thu, Dec 16, 2021 at 12:37 PM Igal Shilman <ig...@apache.org> wrote:
>
>> Hi All,
>>
>> Following the recent Apache Flink releases due to the log4j vulnerability,
>> I'd like to propose an immediate StateFun release - 3.1.1.
>> This release is basically the same as 3.1 but updates the Flink dependency
>> to 1.13.3.
>>
>> Please raise your concerns if any, otherwise we'll proceed with the
>> release.
>>
>> Thanks,
>> Igal.
>>
>

Re: [DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Posted by Seth Wiesman <sj...@gmail.com>.

+1

On Thu, Dec 16, 2021 at 12:37 PM Igal Shilman <ig...@apache.org> wrote:

> Hi All,
>
> Following the recent Apache Flink releases due to the log4j vulnerability,
> I'd like to propose an immediate StateFun release - 3.1.1.
> This release is basically the same as 3.1 but updates the Flink dependency
> to 1.13.3.
>
> Please raise your concerns if any, otherwise we'll proceed with the
> release.
>
> Thanks,
> Igal.
>

Re: [DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Posted by Till Rohrmann <tr...@apache.org>.

+1,

Cheers,
Till

On Thu, Dec 16, 2021 at 8:15 PM Chesnay Schepler <ch...@apache.org> wrote:

> +1
>
> On 16/12/2021 19:30, Igal Shilman wrote:
> > Hi All,
> >
> > Following the recent Apache Flink releases due to the log4j
> vulnerability,
> > I'd like to propose an immediate StateFun release - 3.1.1.
> > This release is basically the same as 3.1 but updates the Flink
> dependency
> > to 1.13.3.
> >
> > Please raise your concerns if any, otherwise we'll proceed with the
> release.
> >
> > Thanks,
> > Igal.
> >
>
>

Re: [DISCUSS] Immediate dedicated StateFun releases for log4j vulnerability

Posted by Chesnay Schepler <ch...@apache.org>.

+1

On 16/12/2021 19:30, Igal Shilman wrote:
> Hi All,
>
> Following the recent Apache Flink releases due to the log4j vulnerability,
> I'd like to propose an immediate StateFun release - 3.1.1.
> This release is basically the same as 3.1 but updates the Flink dependency
> to 1.13.3.
>
> Please raise your concerns if any, otherwise we'll proceed with the release.
>
> Thanks,
> Igal.
>