exceptionfactory commented on pull request #5906: URL: https://github.com/apache/nifi/pull/5906#issuecomment-1083375293
@MikeThomsen On further research, the Santuario `xmlsec` dependency comes through a dependency on an older version of OpenSAML. That version of `xmlsec` is 1.5.8. The release notes for `xmlsec` 2.0.0 do not enumerate the details of what deprecated methods were removed, but upgrading a transitive major version could be problematic. The [spring-security-saml2-core](https://github.com/spring-projects/spring-security-saml) library itself reached end of life in October 2021. Spring Security 5.6 incorporates direct support for SAML 2, although the API and implementation classes have a number of differences. Although it will be more work to make that transition, I think that will be a better way forward as opposed to introducing this transitive version upgrade. The Apache POI library upgrade could be broken out into a separate PR, which seems like a straightforward upgrade. I will create a new Jira issue for upgrading the SAML 2 implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
