You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flink.apache.org by Chesnay Schepler <ch...@apache.org> on 2021/12/16 17:26:19 UTC
[ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
The Apache Flink community has released emergency bugfix versions of
Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
These releases include a version upgrade for Log4j to address
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
We highly recommend all users to upgrade to the respective patch release.
The releases are available for download at:
https://flink.apache.org/downloads.html
Please check out the release blog post for further details:
https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
Regards,
Chesnay
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Till Rohrmann <tr...@apache.org>.
Thanks a lot for driving these releases Chesnay! This is super helpful for
the community.
For the synchronization problem, I guess we just have to wait a bit longer.
Cheers,
Till
On Fri, Dec 17, 2021 at 7:39 AM Leonard Xu <xb...@gmail.com> wrote:
> I guess this is related to publishers everywhere are updating their
> artifacts in response to the log4shell vulnerability[1].
>
> All we can do and need to do is wait. ☕️
>
> Best,
> Leonard
> [1] https://issues.sonatype.org/browse/OSSRH-76300 <
> https://issues.sonatype.org/browse/OSSRH-76300>
>
>
>
> > 2021年12月17日 下午2:21,Jingsong Li <ji...@gmail.com> 写道:
> >
> > Not found in
> https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
> >
> > I guess too many people sent versions, resulting in maven central
> > repository synchronization being slower.....
> >
> > Best,
> > Jingsong
> >
> > On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
> >>
> >> I can NOT find flink 1.13.5 related jar in maven central repository,
> did you upload them onto there already? Thanks!
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
> >>> The Apache Flink community has released emergency bugfix versions of
> >>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >>>
> >>> These releases include a version upgrade for Log4j to address
> >>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >>>
> >>> We highly recommend all users to upgrade to the respective patch
> release.
> >>>
> >>> The releases are available for download at:
> >>> https://flink.apache.org/downloads.html
> >>>
> >>> Please check out the release blog post for further details:
> >>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >>>
> >>>
> >>> Regards,
> >>> Chesnay
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > Best, Jingsong Lee
>
>
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Till Rohrmann <tr...@apache.org>.
Thanks a lot for driving these releases Chesnay! This is super helpful for
the community.
For the synchronization problem, I guess we just have to wait a bit longer.
Cheers,
Till
On Fri, Dec 17, 2021 at 7:39 AM Leonard Xu <xb...@gmail.com> wrote:
> I guess this is related to publishers everywhere are updating their
> artifacts in response to the log4shell vulnerability[1].
>
> All we can do and need to do is wait. ☕️
>
> Best,
> Leonard
> [1] https://issues.sonatype.org/browse/OSSRH-76300 <
> https://issues.sonatype.org/browse/OSSRH-76300>
>
>
>
> > 2021年12月17日 下午2:21,Jingsong Li <ji...@gmail.com> 写道:
> >
> > Not found in
> https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
> >
> > I guess too many people sent versions, resulting in maven central
> > repository synchronization being slower.....
> >
> > Best,
> > Jingsong
> >
> > On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
> >>
> >> I can NOT find flink 1.13.5 related jar in maven central repository,
> did you upload them onto there already? Thanks!
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
> >>> The Apache Flink community has released emergency bugfix versions of
> >>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >>>
> >>> These releases include a version upgrade for Log4j to address
> >>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >>>
> >>> We highly recommend all users to upgrade to the respective patch
> release.
> >>>
> >>> The releases are available for download at:
> >>> https://flink.apache.org/downloads.html
> >>>
> >>> Please check out the release blog post for further details:
> >>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >>>
> >>>
> >>> Regards,
> >>> Chesnay
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > Best, Jingsong Lee
>
>
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Leonard Xu <xb...@gmail.com>.
I guess this is related to publishers everywhere are updating their artifacts in response to the log4shell vulnerability[1].
All we can do and need to do is wait. ☕️
Best,
Leonard
[1] https://issues.sonatype.org/browse/OSSRH-76300 <https://issues.sonatype.org/browse/OSSRH-76300>
> 2021年12月17日 下午2:21,Jingsong Li <ji...@gmail.com> 写道:
>
> Not found in https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
>
> I guess too many people sent versions, resulting in maven central
> repository synchronization being slower.....
>
> Best,
> Jingsong
>
> On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
>>
>> I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
>>
>>
>>
>>
>>
>>
>>
>> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
>>> The Apache Flink community has released emergency bugfix versions of
>>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>>>
>>> These releases include a version upgrade for Log4j to address
>>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>>>
>>> We highly recommend all users to upgrade to the respective patch release.
>>>
>>> The releases are available for download at:
>>> https://flink.apache.org/downloads.html
>>>
>>> Please check out the release blog post for further details:
>>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>>>
>>>
>>> Regards,
>>> Chesnay
>>
>>
>>
>>
>
>
>
> --
> Best, Jingsong Lee
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Leonard Xu <xb...@gmail.com>.
I guess this is related to publishers everywhere are updating their artifacts in response to the log4shell vulnerability[1].
All we can do and need to do is wait. ☕️
Best,
Leonard
[1] https://issues.sonatype.org/browse/OSSRH-76300 <https://issues.sonatype.org/browse/OSSRH-76300>
> 2021年12月17日 下午2:21,Jingsong Li <ji...@gmail.com> 写道:
>
> Not found in https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
>
> I guess too many people sent versions, resulting in maven central
> repository synchronization being slower.....
>
> Best,
> Jingsong
>
> On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
>>
>> I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
>>
>>
>>
>>
>>
>>
>>
>> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
>>> The Apache Flink community has released emergency bugfix versions of
>>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>>>
>>> These releases include a version upgrade for Log4j to address
>>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>>>
>>> We highly recommend all users to upgrade to the respective patch release.
>>>
>>> The releases are available for download at:
>>> https://flink.apache.org/downloads.html
>>>
>>> Please check out the release blog post for further details:
>>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>>>
>>>
>>> Regards,
>>> Chesnay
>>
>>
>>
>>
>
>
>
> --
> Best, Jingsong Lee
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Jingsong Li <ji...@gmail.com>.
Not found in https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
I guess too many people sent versions, resulting in maven central
repository synchronization being slower.....
Best,
Jingsong
On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
>
> I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
>
>
>
>
>
>
>
> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
> >The Apache Flink community has released emergency bugfix versions of
> >Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >
> >These releases include a version upgrade for Log4j to address
> >[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >
> >We highly recommend all users to upgrade to the respective patch release.
> >
> >The releases are available for download at:
> >https://flink.apache.org/downloads.html
> >
> >Please check out the release blog post for further details:
> >https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >
> >
> >Regards,
> >Chesnay
>
>
>
>
--
Best, Jingsong Lee
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Jingsong Li <ji...@gmail.com>.
Not found in https://repo1.maven.org/maven2/org/apache/flink/flink-table-api-java/
I guess too many people sent versions, resulting in maven central
repository synchronization being slower.....
Best,
Jingsong
On Fri, Dec 17, 2021 at 2:00 PM casel.chen <ca...@126.com> wrote:
>
> I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
>
>
>
>
>
>
>
> At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
> >The Apache Flink community has released emergency bugfix versions of
> >Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >
> >These releases include a version upgrade for Log4j to address
> >[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >
> >We highly recommend all users to upgrade to the respective patch release.
> >
> >The releases are available for download at:
> >https://flink.apache.org/downloads.html
> >
> >Please check out the release blog post for further details:
> >https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >
> >
> >Regards,
> >Chesnay
>
>
>
>
--
Best, Jingsong Lee
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Chesnay Schepler <ch...@apache.org>.
Please see the blogpost.
On 17/12/2021 06:59, casel.chen wrote:
>
> I can NOT find flink 1.13.5 related jar in maven central repository,
> did you upload them onto there already? Thanks!
>
>
>
>
>
>
> At 2021-12-17 01:26:19, "Chesnay Schepler"<ch...@apache.org> wrote:
> >The Apache Flink community has released emergency bugfix versions of
> >Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >
> >These releases include a version upgrade for Log4j to address
> >[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >
> >We highly recommend all users to upgrade to the respective patch release.
> >
> >The releases are available for download at:
> >https://flink.apache.org/downloads.html
> >
> >Please check out the release blog post for further details:
> >https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >
> >
> >Regards,
> >Chesnay
>
>
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Chesnay Schepler <ch...@apache.org>.
Please see the blogpost.
On 17/12/2021 06:59, casel.chen wrote:
>
> I can NOT find flink 1.13.5 related jar in maven central repository,
> did you upload them onto there already? Thanks!
>
>
>
>
>
>
> At 2021-12-17 01:26:19, "Chesnay Schepler"<ch...@apache.org> wrote:
> >The Apache Flink community has released emergency bugfix versions of
> >Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
> >
> >These releases include a version upgrade for Log4j to address
> >[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> >[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
> >
> >We highly recommend all users to upgrade to the respective patch release.
> >
> >The releases are available for download at:
> >https://flink.apache.org/downloads.html
> >
> >Please check out the release blog post for further details:
> >https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
> >
> >
> >Regards,
> >Chesnay
>
>
Re:[ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by "casel.chen" <ca...@126.com>.
I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
>The Apache Flink community has released emergency bugfix versions of
>Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>
>These releases include a version upgrade for Log4j to address
>[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>
>We highly recommend all users to upgrade to the respective patch release.
>
>The releases are available for download at:
>https://flink.apache.org/downloads.html
>
>Please check out the release blog post for further details:
>https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>
>
>Regards,
>Chesnay
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Chesnay Schepler <ch...@apache.org>.
We are aware of that; it was also mentioned in the blogpost.
On 17/12/2021 07:17, wenlong.lwl wrote:
> Hi, @Chesnay Schepler <ch...@apache.org> I want to forward a feedback
> from the user mailing list, the jars of the new patch releases are not
> available at the central maven repo. example:
> https://mvnrepository.com/artifact/org.apache.flink/flink-streaming-java
>
>
> Best,
> Wenlong
>
> On Fri, 17 Dec 2021 at 01:27, Chesnay Schepler <ch...@apache.org> wrote:
>
>> The Apache Flink community has released emergency bugfix versions of
>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>>
>> These releases include a version upgrade for Log4j to address
>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>>
>> We highly recommend all users to upgrade to the respective patch release.
>>
>> The releases are available for download at:
>> https://flink.apache.org/downloads.html
>>
>> Please check out the release blog post for further details:
>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>>
>>
>> Regards,
>> Chesnay
>>
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by Chesnay Schepler <ch...@apache.org>.
We are aware of that; it was also mentioned in the blogpost.
On 17/12/2021 07:17, wenlong.lwl wrote:
> Hi, @Chesnay Schepler <ch...@apache.org> I want to forward a feedback
> from the user mailing list, the jars of the new patch releases are not
> available at the central maven repo. example:
> https://mvnrepository.com/artifact/org.apache.flink/flink-streaming-java
>
>
> Best,
> Wenlong
>
> On Fri, 17 Dec 2021 at 01:27, Chesnay Schepler <ch...@apache.org> wrote:
>
>> The Apache Flink community has released emergency bugfix versions of
>> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>>
>> These releases include a version upgrade for Log4j to address
>> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>>
>> We highly recommend all users to upgrade to the respective patch release.
>>
>> The releases are available for download at:
>> https://flink.apache.org/downloads.html
>>
>> Please check out the release blog post for further details:
>> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>>
>>
>> Regards,
>> Chesnay
>>
Re: [ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by "wenlong.lwl" <we...@gmail.com>.
Hi, @Chesnay Schepler <ch...@apache.org> I want to forward a feedback
from the user mailing list, the jars of the new patch releases are not
available at the central maven repo. example:
https://mvnrepository.com/artifact/org.apache.flink/flink-streaming-java
Best,
Wenlong
On Fri, 17 Dec 2021 at 01:27, Chesnay Schepler <ch...@apache.org> wrote:
> The Apache Flink community has released emergency bugfix versions of
> Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>
> These releases include a version upgrade for Log4j to address
> [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
> [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>
> We highly recommend all users to upgrade to the respective patch release.
>
> The releases are available for download at:
> https://flink.apache.org/downloads.html
>
> Please check out the release blog post for further details:
> https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>
>
> Regards,
> Chesnay
>
Re:[ANNOUNCE] Apache Flink 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 released
Posted by "casel.chen" <ca...@126.com>.
I can NOT find flink 1.13.5 related jar in maven central repository, did you upload them onto there already? Thanks!
At 2021-12-17 01:26:19, "Chesnay Schepler" <ch...@apache.org> wrote:
>The Apache Flink community has released emergency bugfix versions of
>Apache Flink for the 1.11, 1.12, 1.13 and 1.14 series.
>
>These releases include a version upgrade for Log4j to address
>[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) and
>[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046).
>
>We highly recommend all users to upgrade to the respective patch release.
>
>The releases are available for download at:
>https://flink.apache.org/downloads.html
>
>Please check out the release blog post for further details:
>https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
>
>
>Regards,
>Chesnay