You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/06/30 13:45:00 UTC

[jira] [Created] (NIFI-10184) Update Antlr-Runtime To 4.X

Mike R created NIFI-10184:
-----------------------------

             Summary: Update Antlr-Runtime To 4.X
                 Key: NIFI-10184
                 URL: https://issues.apache.org/jira/browse/NIFI-10184
             Project: Apache NiFi
          Issue Type: Improvement
            Reporter: Mike R


The current version of nifi-record-serialization-services includes a compile dependency of antlr-runtime of 3.5.2. The antlr-runtime of 3.5.2 has a vulnerable dependency of a vulnerable version of junit 4.10, which has CVE-2020-15250 filed against it. If possible, would updating to version 4.X work?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)