Joe Witt created NIFI-12128:
-------------------------------
Summary: Resolve reported vulnerable libraries from
dependency-check
Key: NIFI-12128
URL: https://issues.apache.org/jira/browse/NIFI-12128
Project: Apache NiFi
Issue Type: Improvement
Reporter: Joe Witt
Assignee: Joe Witt
Running in docker - docker scout shows a variety of vulnerable libraries
including things that are shaded. Many of which are in hbase/hadoop related
libs.
Running the dependency check such as mvn validate -P dependency-check
We get the typical long list. Time to review and pick off several to
improve/resolve.
We should consider removing the hadoop related components from the default
convenience build. People can still use those nars but we can save space not
packaging them and we avoid shipping them and the vulnerable libs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
