[DISCUSS] Releasing Apache Flink 1.10.3

Matthias
Hi,
I'd like to initiate a discussion on releasing Flink 1.10.3. There were a
few requests in favor of this already in [1] and [2].

I checked the release-1.10 branch: 55 commits are not released, yet.
Some non-released fixes that might be relevant are:
- FLINK-20218 [3] - fix "module 'urllib' has no attribute 'parse'" due to
ProtoBuf version update
- FLINK-20013 [4] - BoundedBlockingSubpartition may leak network buffer
- FLINK-19252 [5] - temporary folder is not created when missing
- FLINK-19557 [6] - LeaderRetrievalListener notification upon ZooKeeper
reconnection
- FLINK-19523 [7] - hide sensitive information in logs

In addition to that, we would like to include a backport for CVE-2020-17518
and CVE-2020-17519 to cover the request in [2].

The travis-ci build chain for release-1.10 seems to be stable [8].
Any thoughts on that? Unfortunately, I cannot volunteer as a release
manager due to the lack of permissions. But I wanted to start the
discussion, anyway.

Best,
Matthias

[1]
http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/ANNOUNCE-Weekly-Community-Update-2020-44-45-td46486.html#a47610
[2] https://issues.apache.org/jira/browse/FLINK-20875
[3] https://issues.apache.org/jira/browse/FLINK-20218
[4] https://issues.apache.org/jira/browse/FLINK-20013
[5] https://issues.apache.org/jira/browse/FLINK-19252
[6] https://issues.apache.org/jira/browse/FLINK-19557
[7] https://issues.apache.org/jira/browse/FLINK-19523
[8] https://travis-ci.com/github/apache/flink/builds/212749910

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Xintong Song
Thanks for bringing this up, Matthias.

Per the "Update Policy for old releases" [1], normally we do not release
1.10.x after 1.12.0 is released. However, the policy also says that we are
"open to discussing bugfix releases for even older versions".

In this case, I'm +1 for releasing 1.10.3, for the dozens of non-released
fixes and the security flaws.

As a reminder, I'd like to bring up FLINK-20906 [2] to be backported if we
are releasing 1.10.3, which updates the copyright year in NOTICE files to
2021.

Thank you~

Xintong Song


[1] https://flink.apache.org/downloads.html
[2] https://issues.apache.org/jira/browse/FLINK-20906

On Tue, Jan 12, 2021 at 7:15 PM Matthias Pohl <[hidden email]>
wrote:

> Hi,
> I'd like to initiate a discussion on releasing Flink 1.10.3. There were a
> few requests in favor of this already in [1] and [2].
>
> I checked the release-1.10 branch: 55 commits are not released, yet.
> Some non-released fixes that might be relevant are:
> - FLINK-20218 [3] - fix "module 'urllib' has no attribute 'parse'" due to
> ProtoBuf version update
> - FLINK-20013 [4] - BoundedBlockingSubpartition may leak network buffer
> - FLINK-19252 [5] - temporary folder is not created when missing
> - FLINK-19557 [6] - LeaderRetrievalListener notification upon ZooKeeper
> reconnection
> - FLINK-19523 [7] - hide sensitive information in logs
>
> In addition to that, we would like to include a backport for CVE-2020-17518
> and CVE-2020-17519 to cover the request in [2].
>
> The travis-ci build chain for release-1.10 seems to be stable [8].
> Any thoughts on that? Unfortunately, I cannot volunteer as a release
> manager due to the lack of permissions. But I wanted to start the
> discussion, anyway.
>
> Best,
> Matthias
>
> [1]
>
> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/ANNOUNCE-Weekly-Community-Update-2020-44-45-td46486.html#a47610
> [2] https://issues.apache.org/jira/browse/FLINK-20875
> [3] https://issues.apache.org/jira/browse/FLINK-20218
> [4] https://issues.apache.org/jira/browse/FLINK-20013
> [5] https://issues.apache.org/jira/browse/FLINK-19252
> [6] https://issues.apache.org/jira/browse/FLINK-19557
> [7] https://issues.apache.org/jira/browse/FLINK-19523
> [8] https://travis-ci.com/github/apache/flink/builds/212749910
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Xingbo Huang
Thanks for starting this discussion, Matthias.

+1 for releasing 1.10.3 as it contains a number of important fixes.

Best,
Xingbo

Xintong Song <[hidden email]> wrote on Wed, Jan 13, 2021 at 3:46 PM:

> Thanks for bringing this up, Matthias.
>
> Per the "Update Policy for old releases" [1], normally we do not release
> 1.10.x after 1.12.0 is released. However, the policy also says that we are
> "open to discussing bugfix releases for even older versions".
>
> In this case, I'm +1 for releasing 1.10.3, for the dozens of non-released
> fixes and the security flaws.
>
> As a reminder, I'd like to bring up FLINK-20906 [2] to be backported if we
> are releasing 1.10.3, which updates the copyright year in NOTICE files to
> 2021.
>
> Thank you~
>
> Xintong Song
>
>
> [1] https://flink.apache.org/downloads.html
> [2] https://issues.apache.org/jira/browse/FLINK-20906
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Till Rohrmann
Thanks for starting this discussion Matthias. I agree with all of you that
a final 1.10.3 release could be really helpful for our users. Given that CI
passes, it shouldn't be too much overhead either.

Cheers,
Till

On Wed, Jan 13, 2021 at 9:45 AM Xingbo Huang <[hidden email]> wrote:

> Thanks for starting this discussion, Matthias.
>
> +1 for releasing 1.10.3 as it contains a number of important fixes.
>
> Best,
> Xingbo
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Yu Li
+1 for having a bugfix release for the 1.10 branch to fix the security
issue.

Thanks for driving the discussion Matthias!

Minor: CVE-2020-17519 is introduced by 1.11.0 [1] so we don't need to fix
it in 1.10.3, but CVE-2020-17518 [2] is needed.

Best Regards,
Yu

[1] https://s.apache.org/CVE-2020-17519
[2] https://s.apache.org/CVE-2020-17518


On Wed, 13 Jan 2021 at 16:57, Till Rohrmann <[hidden email]> wrote:

> Thanks for starting this discussion Matthias. I agree with all of you that
> a final 1.10.3 release could be really helpful for our users. Given that CI
> passes, it shouldn't be too much overhead either.
>
> Cheers,
> Till
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Xintong Song
Maybe I can help drive this release, if there's no one else volunteering.
I've been managing the 1.11.3 and 1.12.1 releases. The bugfix release
process is still warm in my mind. :)

Thank you~

Xintong Song



On Wed, Jan 13, 2021 at 8:09 PM Yu Li <[hidden email]> wrote:

> +1 for having a bugfix release for the 1.10 branch to fix the security
> issue.
>
> Thanks for driving the discussion Matthias!
>
> Minor: CVE-2020-17519 is introduced by 1.11.0 [1] so we don't need to fix
> it in 1.10.3, but CVE-2020-17518 [2] is needed.
>
> Best Regards,
> Yu
>
> [1] https://s.apache.org/CVE-2020-17519
> [2] https://s.apache.org/CVE-2020-17518
>
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Matthias
You're right, Yu. Thanks for pointing that out.
And thanks for volunteering, Xintong.

On Thu, Jan 14, 2021 at 3:31 AM Xintong Song <[hidden email]> wrote:

> Maybe I can help drive this release, if there's no one else volunteering.
> I've been managing the 1.11.3 and 1.12.1 releases. The bugfix release
> process is still warm in my mind. :)
>
> Thank you~
>
> Xintong Song
>
>
>

Re: [DISCUSS] Releasing Apache Flink 1.10.3

Xintong Song
Hi all,

Seems there are no objections. Then I'm managing this release.

Since the build is stable, and CVE-2020-17518 is already ported to the 1.10
branch, it looks like we can prepare the release candidate anytime.

I'd like to leave a bit more time for people to report issues that they
want to include in this release. If there's anything else you think should
be included in this release, please reach out to me by next Tuesday (Jan
19).

Thank you~

Xintong Song



On Thu, Jan 14, 2021 at 7:07 PM Matthias Pohl <[hidden email]>
wrote:

> You're right, Yu. Thanks for pointing that out.
> And thanks for volunteering, Xintong.
>