[
https://issues.apache.org/jira/browse/NIFI-9782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17503826#comment-17503826
]
ASF subversion and git services commented on NIFI-9782:
-------------------------------------------------------
Commit 4a46b087b866205fb85d92853fc82398612d35c9 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4a46b08 ]
NIFI-9782 This closes #5854. Excluded H2 DB from nifi-druid-bundle
Signed-off-by: Joe Witt <[email protected]>
> Exclude H2 from Druid Components
> --------------------------------
>
> Key: NIFI-9782
> URL: https://issues.apache.org/jira/browse/NIFI-9782
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{nifi-druid-bundle}} includes several modules that have a transitive
> dependency on {{com.h2database:h2}} version 1 through
> {{{}io.druid:tranquility-core_2.11{}}}, which depends on
> {{{}com.metamx:scala_util{}}}. The current dependency definition for
> {{tranquility-core_2.11}} already excludes a number of unnecessary transitive
> dependencies. The H2 transitive dependency should also be excluded to avoid
> theoretical security vulnerabilities in version 1.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
