[jira] [Commented] (NIFI-7804) Dependencies ending up in nifi-standard-services-api

Mon, 14 Sep 2020 08:55:18 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-7804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17195545#comment-17195545
 ] 

Joe Witt commented on NIFI-7804:
--------------------------------

...in addition to the dependency implications it sounds like from comments in 
nifi slack 
https://apachenifi.slack.com/archives/C0L9UPWJZ/p1600097281032100....that we've 
harmed compatibility.

Generally this is ok and we've updated the migration guide to show this for 
now.  Users can upload their custom nar plus the nar versions it was dependent 
on and this should be fine.  However, for something like the SSL Context this 
is a bit tougher as that is so common.  We probably should consider pulling 
that into a defended API we honor at the same level as the nifi-api.  

Anyway...we need to really think and resolve this sufficiently before kicking 
out 1.12.1

> Dependencies ending up in nifi-standard-services-api
> ----------------------------------------------------
>
>                 Key: NIFI-7804
>                 URL: https://issues.apache.org/jira/browse/NIFI-7804
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4
>            Reporter: Bryan Bende
>            Priority: Critical
>             Fix For: 1.12.1
>
>
> One of the changes in https://issues.apache.org/jira/browse/NIFI-7407 was a 
> refactoring to the SSLContextService interface which added classes from 
> nifi-security-utils. The result is that nifi-standard-services-api-nar now 
> has transitive dependencies of nifi-security-utils included...
> {code:java}
> bcpkix-jdk15on-1.66.jar
> bcprov-jdk15on-1.66.jar
> bcrypt-0.9.0.jar
> bytes-1.3.0.jar
> commons-codec-1.14.jar
> commons-lang3-3.9.jar {code}
> This means any NAR that has a parent of nifi-standard-services-api-nar, which 
> is most of them, now has these on the classpath which may conflict with 
> versions of the same libraries used in the child NAR.
> We should come up with a way to not depend on nifi-security-utils, or split 
> it up into more isolated modules so that these dependencies don't get brought 
> in to the service APIs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to