Posted to issues@nifi.apache.org by "Joe Witt (Jira)" <ji...@apache.org> on 2023/09/25 22:44:00 UTC

[jira] [Commented] (NIFI-12128) Resolve reported vulnerable libraries from dependency-check

    [ https://issues.apache.org/jira/browse/NIFI-12128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768934#comment-17768934 ] 

Joe Witt commented on NIFI-12128:
---------------------------------

cassandra-driver-extras-3.11.4.jar move to cassandra-driver-extras-3.11.5.jar

> Resolve reported vulnerable libraries from dependency-check
> -----------------------------------------------------------
>
>                 Key: NIFI-12128
>                 URL: https://issues.apache.org/jira/browse/NIFI-12128
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Joe Witt
>            Assignee: Joe Witt
>            Priority: Major
>
> Running in docker - docker scout shows a variety of vulnerable libraries including things that are shaded.  Many of which are in hbase/hadoop related libs.
> Running the dependency check such as mvn validate -P dependency-check
> We get the typical long list.  Time to review and pick off several to improve/resolve.
> We should consider removing the hadoop related components from the default convenience build.  People can still use those nars but we can save space not packaging them and we avoid shipping them and the vulnerable libs.  


