r-sidd commented on PR #7368: URL: https://github.com/apache/nifi/pull/7368#issuecomment-1587668039
> Thanks for the contribution @r-sidd, however, this change cannot go forward at this time. The Jakarta Activation library is a dependency of Jakarta Mail, which is also on version 1 right due to interrelated dependencies from JAXB. > > In general, upgrading major version library versions is a more involved process, so please review the implications of changes prior to submitting pull requests. > > In addition, Jakarta Activation 1.2.2 is not vulnerable to [CVE-2020-15250](https://github.com/advisories/GHSA-269g-pwp5-87pp) as mentioned on the Jira issue. That vulnerability applies to JUnit, which is a build time dependency, not a runtime dependency. Sorry about that, thanks for the explanation 🙂 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
