banzo
commented
2 years ago
- circleci is reporting failed builds
It should be ok now, I had to bump Helm version in the Circle-CI publish script, and the Zookeeper chart version in the dependencies.
- github actions are reporting test failures
This is fixed now.
- chart release is v1.0.4 on README.md on github, but v1.0.6 is the latest version of the chart on artifacthub.io
It is ok now, we are at 1.1.0
- Feature/cert manager #218 has a significant amount of changes. is the goal to have a major release? if so, is that release imminent? there are PR's ready to be merged to master but it appears (to me, could be lacking information) that Feature/cert manager #218 is taking priority and prohibiting smaller improvements to the chart.
I just merged it, feel free to provide feedback. Next steps are your two remaining PRs. If the rebase goes fine, it should be quick.
- the default version of Nifi and Zookeeper that ship with the v1.0.6 chart includes the log4j cve. is there a plan to upgrade these versions so new users are not unknowingly deploying the cve? or is the position of this project that the cve is not a concern?
I do not think the project has a position on cve criticality but I'll raise the issue in our next secret meeting.
Jokes aside, the security rating of the chart should be improved ("F" on artifacthub). Upgrading to newer NiFi images (1.15 and 1.16) would be the logical next steps.
gforeman02
I wanted to raise the following concerns/issues to make sure they are being raised/tracked/resolved:
218 has a significant amount of changes. is the goal to have a major release? if so, is that release imminent? there are PR's ready to be merged to master but it appears (to me, could be lacking information) that #218 is taking priority and prohibiting smaller improvements to the chart.