Hello

Dependency maintenance was referenced but seems largely focused on cloud service updates. There are many other dependencies which need maintaining and there are many such dependencies which are listed as having HIGH or CRITICAL vulnerabilities in their version.
There needs to be considered effort to maintain dependencies (broadly) and ensure vulnerability reports are reviewed. This work is much more laborious on the 1.x line than the 2.x line to be clear. And some dependencies cannot be addressed as they abandoned older JVM lines long ago. But the things which can be updated do need to be.

At a quick glance things we have there which need to be addressed solely based on reported vulnerabilities (this is not even close to complete and the outdated dependency list is dramatically larger):

JRuby (ftp/yaml,etc.. libs with high/critical)
Neo4j
Jetty (though we can't solve it entirely)
Various Hadoop/parquet/etc.. things which need to be updated to something recent
h2
derby
cypher-gremlin
netty
legacy kafka clients
activemq
spring-web/spring-webmvc
protobuf-java many versions
commons-config
jjwt
sshd
guava
commons-httpclient
commons-compress
spring-*
questdb

It isn't reasonable for us to produce feature bearing releases without in each case ensuring we're updating to the best of our options (Java 8/11/17 compatible libraries).

Thanks
Joe

On Fri, Sep 27, 2024 at 10:18 AM Michael Moser <moser...@gmail.com> wrote:

> There is a PR for https://issues.apache.org/jira/browse/NIFI-13549 which only affects the 1.x codebase. It seems fairly straightforward, so should be considered for 1.28
>
> Thanks,
> -- Mike
>
> On Fri, Sep 27, 2024 at 10:13 AM Ferenc Kis <briansolo1...@gmail.com> wrote:
>
> > Hi Team,
> >
> > Let's recap on the status.
> >
> > I'm aware of four tickets we are waiting for to get into the NiFi 1.28 release.
> >
> > - https://issues.apache.org/jira/browse/NIFI-13776: this is currently being reviewed on the 2.x line. My guess is once it's been merged into main, we can merge the PR for the 1.x line as well
> > - https://issues.apache.org/jira/browse/NIFI-13776: this is a 1.x only bugfix, and being reviewed
> > - https://issues.apache.org/jira/browse/NIFI-13765: Jira is closed, it turned out the issue does not impact the 1.x line
> > - https://issues.apache.org/jira/browse/NIFI-13782: it seems it's more complex than expected and needs additional efforts to complete
> >
> > In summary I think we should wait for the first two tickets as those are near to completion, then kick off the release.
> >
> > What do you think? Is there anything else we should add to the release?
> >
> > Regards
> > Ferenc Kis
> >
> > On Thu, Sep 19, 2024 at 4:51 PM Shane Ardell <shane.m.ard...@gmail.com> wrote:
> >
> > > I'm also working on https://issues.apache.org/jira/browse/NIFI-13765. Although not critical, it would be nice to have this in the next release. The fix is simple and I should have a PR open by tomorrow.
> > >
> > > Best,
> > > Shane
> > >
> > > On Thu, Sep 19, 2024 at 7:23 AM Ferenc Kis <briansolo1...@gmail.com> wrote:
> > >
> > > > Thank you for your feedback
> > > >
> > > > I think it is worth waiting for both fixes as those seem to fix critical issues
> > > >
> > > > Let's reiterate on this next week
> > > >
> > > > Regards
> > > > Ferenc Kis
> > > >
> > > > On Thu, Sep 19, 2024 at 12:40 AM Dan S <dsti...@gmail.com> wrote:
> > > >
> > > > > I am also working on NIFI-13744 <https://issues.apache.org/jira/browse/NIFI-13744> which is a bug in how ExcelReader handles dates, times and timestamps. I am also targeting for a fix by the end of the week.
> > > > >
> > > > > On Wed, Sep 18, 2024 at 4:31 PM Mike Thomsen <mikerthom...@gmail.com> wrote:
> > > > >
> > > > > > I found a serious bug in how copys3object handles large files and am working on a fix. I should have it ready by the end of the week, but without it the processor is broken on large file copy actions.
> > > > > >
> > > > > > Sent from my iPhone
> > > > > >
> > > > > > > On Sep 18, 2024, at 10:41 AM, Lucas Ottersbach <lucas.ottersb...@gmail.com> wrote:
> > > > > > >
> > > > > > > Hey Ferenc,
> > > > > > >
> > > > > > > thank you for starting the discussion. It sounds like a reasonable amount of time has passed and changes were introduced since the last release. Waiting for the one pending PR sounds reasonable.
> > > > > > > Definitely a +1 from my side.
> > > > > > >
> > > > > > > Best regards,
> > > > > > >
> > > > > > > Lucas
> > > > > > >
> > > > > > > Ferenc Kis <briansolo1...@gmail.com> wrote on Wed, 18 Sept 2024, 12:33:
> > > > > > >
> > > > > > > > Hi Team,
> > > > > > > >
> > > > > > > > I'd like to initiate a discussion about the next release of NiFi 1.x. Since the release of Apache NiFi 1.27, several important bugs [1] including NIFI-13675 [2] have been resolved, and there have been a handful of features, improvements and dependency updates [3] added to the nifi-1.x branch.
> > > > > > > >
> > > > > > > > Currently there is only one ticket waiting for review, all the others are merged, so it seems we are in a good position to kick off a release for NiFi 1.28.0 [4].
> > > > > > > >
> > > > > > > > I would be glad to handle the Release Manager responsibilities for the 1.28.0
> > > > > > > >
> > > > > > > > Do you agree it is time for a new release or do you see additional changes we should make?
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Ferenc Kis
> > > > > > > >
> > > > > > > > [1] https://issues.apache.org/jira/browse/NIFI-13742?jql=project%20%3D%20NIFI%20AND%20issuetype%20%3D%20Bug%20AND%20fixVersion%20%3D%201.28.0
> > > > > > > > [2] https://issues.apache.org/jira/browse/NIFI-13675
> > > > > > > > [3] https://issues.apache.org/jira/browse/NIFI-13727?jql=project%20%3D%20NIFI%20AND%20fixVersion%20%3D%201.28.0%20AND%20type%20!%3D%20BUG
> > > > > > > > [4] https://issues.apache.org/jira/projects/NIFI/versions/12354883