You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/06/21 17:45:59 UTC

[GitHub] [nifi] exceptionfactory commented on pull request #6144: NIFI-10149 Update Apache-JSP To 11.0.9

exceptionfactory commented on PR #6144:
URL: https://github.com/apache/nifi/pull/6144#issuecomment-1162086464

   @mr1716 I'm not sure what it reporting `jetty-schemas` 5.2 as a vulnerable dependency, but it is a false positive.
   
   The [jetty-schemas 5.2](https://search.maven.org/artifact/org.eclipse.jetty.toolchain/jetty-schemas) dependency is the latest version available, it does not contain code, only XML Schema Definitions.
   
   In addition, the changes proposed will not work, because Jetty 11 has many additional changes over 9.4, and the Jetty version is managed through the `jetty.version` property.
   
   This is a case where more detailed evaluation is necessary, so closing this pull request.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org