David Handermann created NIFI-10395:
---------------------------------------
Summary: Add Apache Xalan to Banned Dependencies
Key: NIFI-10395
URL: https://issues.apache.org/jira/browse/NIFI-10395
Project: Apache NiFi
Issue Type: Improvement
Components: Tools and Build
Reporter: David Handermann
Assignee: David Handermann
Apache Xalan 2.7.2 was released in April 2014 and the description of
[CVE-2022-34169|https://nvd.nist.gov/vuln/detail/CVE-2022-34169] highlights the
fact that the project is dormant, with no future releases planned.
Direct dependencies on Apache Xalan should not be necessary, as the standard
Java installation includes a bundled version. Changes in NIFI-8417 excluded one
transitive dependency on Xalan, so the root Maven configuration should be
updated to add Xalan to the list of banned dependencies, ensuring that no
future changes introduce it as a transitive dependency.
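The kind of root `pom.xml` rule the issue describes, as an added example that is not taken from the NiFi build or from the reporter: a Maven Enforcer `bannedDependencies` rule that fails the build when `xalan:xalan` (the Maven Central coordinates of Apache Xalan) is resolved directly or transitively. The execution id and the plugin's placement under `<build><plugins>` are assumptions; the plugin version is left to the project's plugin management.

```xml
<!-- Added example, not NiFi's actual configuration. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <executions>
    <execution>
      <!-- Hypothetical execution id chosen for this example -->
      <id>ban-xalan</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <excludes>
              <!-- groupId:artifactId; matches every version of Apache Xalan -->
              <exclude>xalan:xalan</exclude>
            </excludes>
          </bannedDependencies>
        </rules>
        <!-- Break the build instead of only logging a warning -->
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>
```

When the rule trips, `mvn dependency:tree -Dincludes=xalan:xalan` shows which dependency pulls Xalan in, so an `<exclusion>` can be added on that dependency.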