David Handermann created NIFI-9782:
--------------------------------------
Summary: Exclude H2 from Druid Components
Key: NIFI-9782
URL: https://issues.apache.org/jira/browse/NIFI-9782
Project: Apache NiFi
Issue Type: Improvement
Reporter: David Handermann
Assignee: David Handermann
The {{nifi-druid-bundle}} includes several modules that have a transitive
dependency on {{com.h2database:h2}} version 1 through
{{{}io.druid:tranquility-core_2.11{}}}, which depends on
{{{}com.metamx:scala_util{}}}. The current dependency definition for
{{tranquility-core_2.11}} already excludes a number of unnecessary transitive
dependencies. The H2 transitive dependency should also be excluded to avoid
theoretical security vulnerabilities in version 1.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
