Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/08/25 15:49:00 UTC
[jira] [Created] (NIFI-10395) Add Apache Xalan to Banned Dependencies
David Handermann created NIFI-10395:
---------------------------------------
Summary: Add Apache Xalan to Banned Dependencies
Key: NIFI-10395
URL: https://issues.apache.org/jira/browse/NIFI-10395
Project: Apache NiFi
Issue Type: Improvement
Components: Tools and Build
Reporter: David Handermann
Assignee: David Handermann
Apache Xalan 2.7.2 was released in April 2014 and the description of [CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] highlights the fact that the project is dormant, with no future releases planned.
Direct dependencies on Apache Xalan should not be necessary, as the standard Java installation includes a bundled version. Changes in NIFI-8417 excluded one transitive dependency on Xalan, so the root Maven configuration should be updated to add Xalan to the list of banned dependencies, ensuring that no future changes introduce it as a transitive dependency.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
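The kind of root `pom.xml` rule the issue asks for, as an added example that is not taken from the NiFi build or from the issue itself. It assumes the Maven Enforcer Plugin's `bannedDependencies` rule; the execution id, plugin version and message text are chosen for illustration.

```xml
<!-- Illustrative fragment for the <build><plugins> section of a root pom.xml. -->
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <!-- Version is an assumption; use whatever the build already manages. -->
    <version>3.1.0</version>
    <executions>
        <execution>
            <!-- Hypothetical execution id. -->
            <id>ban-dormant-dependencies</id>
            <goals>
                <goal>enforce</goal>
            </goals>
            <configuration>
                <rules>
                    <bannedDependencies>
                        <excludes>
                            <!-- groupId:artifactId of Apache Xalan; any version matches. -->
                            <exclude>xalan:xalan</exclude>
                        </excludes>
                        <!-- Also check dependencies pulled in transitively, which is
                             the case the issue is concerned with. -->
                        <searchTransitive>true</searchTransitive>
                        <message>Apache Xalan is dormant (see CVE-2022-34169); exclude it and rely on the JDK's bundled XSLT implementation.</message>
                    </bannedDependencies>
                </rules>
                <!-- Fail the build instead of only logging a warning. -->
                <fail>true</fail>
            </configuration>
        </execution>
    </executions>
</plugin>
```

With a rule like this in place, a module that picks up Xalan through another library fails the build until an `<exclusion>` for `xalan:xalan` is added to the dependency that brings it in.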