Posted to commits@nifi.apache.org by jo...@apache.org on 2023/03/28 15:39:15 UTC

[nifi] branch support/nifi-1.x updated (ff5a783943 -> e5843cde6f)

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a change to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git


    from ff5a783943 NIFI-4890 Refactor OIDC with support for Refresh Tokens (#7013)
     new d23ca26f7a NIFI-11348 This closes #7090. Upgraded JRuby from 9.3.9.0 to 9.4.2.0
     new 87768708ab NIFI-11347 This closes #7089. Upgraded OWASP Dependency Check from 8.0.2 to 8.2.1
     new e5843cde6f NIFI-11346 This closes #7088. Upgraded Parquet from 1.12.0 to 1.12.3

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 nifi-dependency-check-maven/suppressions.xml       | 117 +++++++++++++--------
 .../nifi-graph-test-clients/pom.xml                |   4 +
 .../nifi-hive-bundle/nifi-hive-test-utils/pom.xml  |  20 ++++
 .../nifi-hive-bundle/nifi-hive3-processors/pom.xml |   4 +
 nifi-nar-bundles/nifi-hive-bundle/pom.xml          |   5 +
 .../nifi-iceberg-processors/pom.xml                |   8 ++
 .../nifi-parquet-processors/pom.xml                |   2 +-
 nifi-nar-bundles/nifi-ranger-bundle/pom.xml        |   6 ++
 .../nifi-scripting-processors/pom.xml              |   2 +-
 .../nifi-registry-ranger/pom.xml                   |   6 ++
 pom.xml                                            |   3 +-
 11 files changed, 128 insertions(+), 49 deletions(-)


[nifi] 01/03: NIFI-11348 This closes #7090. Upgraded JRuby from 9.3.9.0 to 9.4.2.0

Posted by jo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit d23ca26f7aa6b00ff3193988266911bf1feff999
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Mar 27 19:14:01 2023 -0500

    NIFI-11348 This closes #7090. Upgraded JRuby from 9.3.9.0 to 9.4.2.0
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 .../nifi-scripting-bundle/nifi-scripting-processors/pom.xml             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
index 00389246a3..74ba9a96d8 100644
--- a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
@@ -88,7 +88,7 @@
         <dependency>
             <groupId>org.jruby</groupId>
             <artifactId>jruby-complete</artifactId>
-            <version>9.3.9.0</version>
+            <version>9.4.2.0</version>
         </dependency>
         <dependency>
             <groupId>org.clojure</groupId>


[nifi] 02/03: NIFI-11347 This closes #7089. Upgraded OWASP Dependency Check from 8.0.2 to 8.2.1

Posted by jo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit 87768708ab5649f314e257320e8543f7d4b83867
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Mar 27 18:16:51 2023 -0500

    NIFI-11347 This closes #7089. Upgraded OWASP Dependency Check from 8.0.2 to 8.2.1
    
    - Updated suppression configuration
    - Upgraded Solr from 8.6.3 to 8.11.1 for Ranger
    - Excluded Apache Ivy from Hive and Janus Graph dependencies
    - Excluded Groovy from Hive tests
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 nifi-dependency-check-maven/suppressions.xml       | 117 +++++++++++++--------
 .../nifi-graph-test-clients/pom.xml                |   4 +
 .../nifi-hive-bundle/nifi-hive-test-utils/pom.xml  |  20 ++++
 .../nifi-hive-bundle/nifi-hive3-processors/pom.xml |   4 +
 .../nifi-iceberg-processors/pom.xml                |   8 ++
 nifi-nar-bundles/nifi-ranger-bundle/pom.xml        |   6 ++
 .../nifi-registry-ranger/pom.xml                   |   6 ++
 pom.xml                                            |   3 +-
 8 files changed, 121 insertions(+), 47 deletions(-)

diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml
index fd17ad5457..23b617c89a 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -44,11 +44,6 @@
         <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
         <vulnerabilityName>CVE-2020-5408</vulnerabilityName>
     </suppress>
-    <suppress>
-        <notes>Spark 2.13 used in nifi-spark-receiver is not impacted by Spark Server vulnerabilities</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.spark/spark\-.+?_2\.13@.*$</packageUrl>
-        <cpe>cpe:/a:apache:spark</cpe>
-    </suppress>
     <suppress>
         <notes>Apache Hive vulnerabilities do not apply to Flume Hive Sink</notes>
         <packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-hive\-sink@.*$</packageUrl>
@@ -84,36 +79,11 @@
         <packageUrl regex="true">^pkg:maven/xerces/xercesImpl@.*$</packageUrl>
         <cve>CVE-2017-10355</cve>
     </suppress>
-    <suppress>
-        <notes>CVE-2020-13955 applies to Apache Calcite not Apache Calcite Avatica</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.calcite\.avatica/avatica\-core@.*$</packageUrl>
-        <cve>CVE-2020-13955</cve>
-    </suppress>
-    <suppress>
-        <notes>CVE-2020-13955 applies to Apache Calcite not Apache Calcite Avatica</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.calcite\/calcite-avatica@.*$</packageUrl>
-        <cve>CVE-2020-13955</cve>
-    </suppress>
     <suppress>
         <notes>CVE-2020-13955 applies to Apache Calcite not Apache Calcite Druid</notes>
         <packageUrl regex="true">^pkg:maven/org\.apache\.calcite\/calcite-druid@.*$</packageUrl>
         <cve>CVE-2020-13955</cve>
     </suppress>
-    <suppress>
-        <notes>CVE-2020-13955 applies to Apache Calcite Core not Apache Calcite Avatica subproject</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.calcite\.avatica\/avatica(-metrics)?@.*$</packageUrl>
-        <cve>CVE-2020-13955</cve>
-    </suppress>
-    <suppress>
-        <notes>OpenTSDB vulnerabilities do not apply to HBase Async library</notes>
-        <packageUrl regex="true">^pkg:maven/org\.hbase/asynchbase@.*$</packageUrl>
-        <cpe>cpe:/a:opentsdb:opentsdb</cpe>
-    </suppress>
-    <suppress>
-        <notes>Eclipse Equinox vulnerabilities do not apply to DataNucleus core library</notes>
-        <packageUrl regex="true">^pkg:maven/org\.datanucleus/datanucleus\-core@.*$</packageUrl>
-        <cpe>cpe:/a:eclipse:equinox</cpe>
-    </suppress>
     <suppress>
         <notes>CVE-2018-8025 applies to HBase Server not HBase Client</notes>
         <packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-client@.*$</packageUrl>
@@ -124,11 +94,6 @@
         <packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-client@.*$</packageUrl>
         <cve>CVE-2019-0212</cve>
     </suppress>
-    <suppress>
-        <notes>CVE-2014-3643 applies to Jersey Server not Jersey Core</notes>
-        <packageUrl regex="true">^pkg:maven/com\.sun\.jersey/jersey\-core@.*$</packageUrl>
-        <vulnerabilityName>CVE-2014-3643</vulnerabilityName>
-    </suppress>
     <suppress>
         <notes>CVE-2007-6465 applies to Ganglia Server not Ganglia client libraries</notes>
         <packageUrl regex="true">^pkg:maven/com\.yammer\.metrics/metrics\-ganglia@.*$</packageUrl>
@@ -180,23 +145,83 @@
         <cpe regex="true">^cpe:/a:elastic.*$</cpe>
     </suppress>
     <suppress>
-        <notes>CVE-2022-45046 description notes that the initial issue was not a security vulnerability</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.camel/camel\-salesforce@.*$</packageUrl>
-        <cve>CVE-2022-45046</cve>
+        <notes>Elasticsearch Server vulnerabilities do not apply to elasticsearch-rest-client-sniffer</notes>
+        <packageUrl regex="true">^pkg:maven/org\.elasticsearch\.client/elasticsearch\-.*?\-client-sniffer@.*$</packageUrl>
+        <cpe regex="true">^cpe:/a:elastic.*$</cpe>
     </suppress>
     <suppress>
-        <notes>CVE-2020-36632 applies to JavaScript module named hughsk/flat not flatbuffers</notes>
-        <packageUrl regex="true">^pkg:maven/com\.vlkan/flatbuffers@.*$</packageUrl>
-        <cve>CVE-2020-36632</cve>
+        <notes>CVE-2022-34271 applies to Atlas Server not the Atlas client library</notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.atlas/.*$</packageUrl>
+        <cve>CVE-2022-34271</cve>
     </suppress>
     <suppress>
-        <notes>CVE-2018-8015 applies to Apache ORC not to Apache Iceberg</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.iceberg/iceberg\-orc@.*$</packageUrl>
-        <cve>CVE-2018-8015</cve>
+        <notes>CVE-2022-30187 applies to Azure Blob not the EventHubs Checkpoint Store Blob library</notes>
+        <packageUrl regex="true">^pkg:maven/com\.azure/azure\-messaging\-eventhubs\-checkpointstore\-blob@.*$</packageUrl>
+        <cve>CVE-2022-30187</cve>
     </suppress>
     <suppress>
-        <notes>CVE-2022-39135 applies to Calcite not Calcite Avatica</notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.calcite\.avatica/.*?@.*$</packageUrl>
+        <notes>CVE-2022-39135 applies to Apache Calcite core not the Calcite Druid library</notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.calcite/calcite\-druid@.*$</packageUrl>
         <cve>CVE-2022-39135</cve>
     </suppress>
+    <suppress>
+        <notes>CVE-2018-8016 applies to Apache Cassandra server not the client library</notes>
+        <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$</packageUrl>
+        <cve>CVE-2018-8016</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2018-1000873 applies to Jackson Java 8 Time modules not Jackson Annotations</notes>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-annotations@.*$</packageUrl>
+        <cve>CVE-2018-1000873</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2021-34371 applies to Neo4j server not the driver library</notes>
+        <packageUrl regex="true">^pkg:maven/org\.opencypher\.gremlin/cypher\-gremlin\-neo4j\-driver@.*$</packageUrl>
+        <cve>CVE-2021-34371</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2010-1151 applies to mod_auth_shadow in Apache HTTP Server not the FTP server library</notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.ftpserver/.*$</packageUrl>
+        <cve>CVE-2010-1151</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2018-14335 applies to H2 running with a web server console enabled</notes>
+        <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
+        <vulnerabilityName>CVE-2018-14335</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes>CVE-2022-31160 included in hadoop-client-api is not used</notes>
+        <packageUrl regex="true">^pkg:javascript/jquery\-ui@.*$</packageUrl>
+        <cve>CVE-2022-31160</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2021-37533 applies to the Commons Net FTP Client which is not used in the version bundled with hadoop-client-runtime for Accumulo</notes>
+        <packageUrl regex="true">^pkg:maven/commons\-net/commons\-net@.*$</packageUrl>
+        <cve>CVE-2021-37533</cve>
+    </suppress>
+    <suppress>
+        <notes>CVE-2021-0341 applies to Android not OkHttp</notes>
+        <packageUrl regex="true">^pkg:maven/com\.squareup\.okhttp/okhttp@.*$</packageUrl>
+        <vulnerabilityName>CVE-2021-0341</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes>CVE-2023-25613 applies to an LDAP backend class for Apache Kerby not the Token Provider library</notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.kerby/token\-provider@.*$</packageUrl>
+        <cve>CVE-2023-25613</cve>
+    </suppress>
+    <suppress>
+        <notes>The Jetty Apache JSP library is not subject to Apache Tomcat vulnerabilities</notes>
+        <packageUrl regex="true">^pkg:maven/org\.mortbay\.jasper/apache\-jsp@.*$</packageUrl>
+        <cpe>cpe:/a:apache:tomcat</cpe>
+    </suppress>
+    <suppress>
+        <notes>Google BigQuery Storage is not the same as the gGRPC framework library</notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.api\.grpc/grpc\-google\-cloud\-bigquerystorage\-.*$</packageUrl>
+        <cpe>cpe:/a:grpc:grpc</cpe>
+    </suppress>
+    <suppress>
+        <notes>Google PubSubLite is not the same as the gRPC framework library</notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.api\.grpc/grpc\-google\-cloud\-pubsublite\-v1@.*$</packageUrl>
+        <cpe>cpe:/a:grpc:grpc</cpe>
+    </suppress>
 </suppressions>
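Review bot: Several of the added suppressions match more than their notes justify. The jquery-ui entry uses `^pkg:javascript/jquery\-ui@.*$`, which hides CVE-2022-31160 for every jquery-ui copy the scan finds, while its note only argues about the copy inside hadoop-client-api; a `<filePath regex="true">` matcher limited to that jar would keep other copies reported. The Atlas entry uses `org\.apache\.atlas/.*`, so a server artifact from that group would be suppressed as well; naming the client artifacts, as the Kerby entry does with `token\-provider@.*`, is tighter. The CPE-based entries (client-sniffer, Jetty JSP, both gRPC) suppress a whole product rather than one CVE, so later findings mapped to that CPE will not surface; an `until` date on `<suppress>` would force a periodic re-check. The note text `gGRPC` looks like a typo for `gRPC`.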
diff --git a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml
index bc102e113e..9975fa0bdf 100644
--- a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml
+++ b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml
@@ -79,6 +79,10 @@
                     <groupId>commons-logging</groupId>
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
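Review bot: Excluding `org.apache.ivy:ivy` one dependency at a time leaves nothing to stop it returning through a different transitive path; the same exclusion is repeated in the nifi-hive-test-utils, nifi-hive3-processors and nifi-iceberg-processors hunks. If the intent is that Ivy never ships in these bundles, a maven-enforcer `bannedDependencies` rule, or a build-time check with `mvn dependency:tree -Dincludes=org.apache.ivy`, would make that verifiable. A short comment above the exclusion, e.g. `<!-- Exclude Ivy: flagged by dependency-check, not needed here -->`, would record why it is there; that reason is inferred from the commit message and is not visible in the hunk. The enclosing `<dependency>` starts outside this hunk.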
diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml
index 154ec11eb4..42a148ef50 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml
@@ -94,6 +94,14 @@
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.groovy</groupId>
+                    <artifactId>groovy-all</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -117,6 +125,18 @@
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>log4j-core</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.groovy</groupId>
+                    <artifactId>groovy-all</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
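Review bot: The `com.fasterxml.woodstox:woodstox-core` exclusion in this hunk is not mentioned in the commit description, which lists only Ivy and Groovy. The dependency it is removed from starts outside the hunk, so it is not visible whether another path still supplies Woodstox; if the library is needed for XML parsing at test time, the failure would be a class-loading error at run time rather than a build error. A comment such as `<!-- Exclude Woodstox: REASON_OR_REPLACEMENT_VERSION -->` above it would make the intent reviewable. Likewise `groovy-all` is excluded in nifi-iceberg-processors, which the description's "Hive tests" does not cover.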
diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
index a08f747edb..7713573b0b 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml
@@ -161,6 +161,10 @@
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>log4j-slf4j-impl</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
index f8b1ec4457..cab4c22032 100644
--- a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml
@@ -147,6 +147,14 @@
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>bcprov-jdk15on</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.groovy</groupId>
+                    <artifactId>groovy-all</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml
index 75b7d7368f..011cd1aa8e 100644
--- a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml
@@ -61,6 +61,12 @@
                 <artifactId>hadoop-common</artifactId>
                 <version>${ranger.hadoop.version}</version>
             </dependency>
+            <!-- Override SolrJ 8.6.3 from Ranger -->
+            <dependency>
+                <groupId>org.apache.solr</groupId>
+                <artifactId>solr-solrj</artifactId>
+                <version>8.11.1</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>
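Review bot: The SolrJ override hard-codes `8.11.1` here and again in nifi-registry-ranger/pom.xml, while the neighbouring managed entries take their versions from properties such as `${ranger.hadoop.version}`. Two literals can drift on the next upgrade and leave one Ranger module on the older client. A shared property would avoid that, e.g. `<version>${ranger.solr.version}</version>`; the property name is only a suggestion and would need defining in a common parent. The comment could also name the finding that motivated the override, so it can be dropped once Ranger itself ships a fixed SolrJ.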
diff --git a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml
index da4ce4556d..2777f8dd6b 100644
--- a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml
+++ b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml
@@ -60,6 +60,12 @@
                 <artifactId>zookeeper</artifactId>
                 <version>${zookeeper.version}</version>
             </dependency>
+            <!-- Override SolrJ 8.6.3 from Ranger -->
+            <dependency>
+                <groupId>org.apache.solr</groupId>
+                <artifactId>solr-solrj</artifactId>
+                <version>8.11.1</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 89af335557..9b35734a2d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1196,7 +1196,7 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>8.0.2</version>
+                        <version>8.2.1</version>
                         <executions>
                             <execution>
                                 <inherited>false</inherited>
@@ -1210,6 +1210,7 @@
                                     <skipSystemScope>true</skipSystemScope>
                                     <!-- Disable .NET Assembly Analyzer to avoid non-applicable errors -->
                                     <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+                                    <skipProvidedScope>true</skipProvidedScope>
                                 </configuration>
                             </execution>
                         </executions>
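Review bot: `<skipProvidedScope>true</skipProvidedScope>` is added without a comment, unlike the analyzer setting just above it, and it narrows what the scan covers. Provided-scope artifacts are still on the classpath at run time when another module supplies them, so a vulnerable version is only reported if the supplying module is itself scanned at compile or runtime scope. I would add a line such as `<!-- Skip provided scope: these artifacts are scanned in the module that bundles them -->` if that is the reasoning, which is an assumption on my part. The `<configuration>` element starts outside this hunk.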


[nifi] 03/03: NIFI-11346 This closes #7088. Upgraded Parquet from 1.12.0 to 1.12.3

Posted by jo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit e5843cde6f3be43ebbc6e37cbc56be253a8b5e14
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Mar 27 18:01:44 2023 -0500

    NIFI-11346 This closes #7088. Upgraded Parquet from 1.12.0 to 1.12.3
---
 nifi-nar-bundles/nifi-hive-bundle/pom.xml                            | 5 +++++
 nifi-nar-bundles/nifi-parquet-bundle/nifi-parquet-processors/pom.xml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
index 47bd5fc07e..3e8257e612 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
@@ -110,6 +110,11 @@
                 <artifactId>xercesImpl</artifactId>
                 <version>2.12.2</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.parquet</groupId>
+                <artifactId>parquet-hadoop-bundle</artifactId>
+                <version>1.12.3</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
diff --git a/nifi-nar-bundles/nifi-parquet-bundle/nifi-parquet-processors/pom.xml b/nifi-nar-bundles/nifi-parquet-bundle/nifi-parquet-processors/pom.xml
index b1e5122026..53923abac2 100644
--- a/nifi-nar-bundles/nifi-parquet-bundle/nifi-parquet-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-parquet-bundle/nifi-parquet-processors/pom.xml
@@ -80,7 +80,7 @@
         <dependency>
             <groupId>org.apache.parquet</groupId>
             <artifactId>parquet-avro</artifactId>
-            <version>1.12.0</version>
+            <version>1.12.3</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.xerial.snappy</groupId>