You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "r-sidd (via GitHub)" <gi...@apache.org> on 2023/06/12 16:28:06 UTC

[GitHub] [nifi] r-sidd commented on pull request #7368: NIFI-11678: Update jakarta.activation to 2.0.1

r-sidd commented on PR #7368:
URL: https://github.com/apache/nifi/pull/7368#issuecomment-1587668039

   > Thanks for the contribution @r-sidd, however, this change cannot go forward at this time. The Jakarta Activation library is a dependency of Jakarta Mail, which is also on version 1 right due to interrelated dependencies from JAXB.
   > 
   > In general, upgrading major version library versions is a more involved process, so please review the implications of changes prior to submitting pull requests.
   > 
   > In addition, Jakarta Activation 1.2.2 is not vulnerable to [CVE-2020-15250](https://github.com/advisories/GHSA-269g-pwp5-87pp) as mentioned on the Jira issue. That vulnerability applies to JUnit, which is a build time dependency, not a runtime dependency.
   
   Sorry about that, thanks for the explanation 🙂


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org