[
https://issues.apache.org/jira/browse/NIFI-13515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17867721#comment-17867721
]
Raj commented on NIFI-13515:
----------------------------
[~exceptionfactory] [~joewitt]
At least my team is using Kudu related processors in NIFI (PutKudu, Lookup..).
What alternate options are available after this removal?. The current version
we use is 1.27 and planning to migrate to 2.0.
> Remove PutKudu and KuduLookupService along with nifi-kudu-nar
> -------------------------------------------------------------
>
> Key: NIFI-13515
> URL: https://issues.apache.org/jira/browse/NIFI-13515
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Joe Witt
> Assignee: Joe Witt
> Priority: Major
> Fix For: 2.0.0-M5
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The kudu components have a very long standing HIGH vulnerability CVE stemming
> from its shading of an old netty
> kudu-client-1.17.0.jar (shaded: io.netty:netty-codec-http:4.1.94.Final)
> repository/org/apache/kudu/kudu-client/1.17.0/kudu-client-1.17.0.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml
> MD5: b18b426e138cb17f5e44b8873b5afbac
> SHA1: 6b0212a0b0ae2b36c3500dda980e8547179575f8
> SHA256:62be40ca13b3b09b37980bfddc86bf6f30732d995231bf4549da362bff09cb64
> Referenced In Projects/Scopes:
> nifi-code-coverage:compile
> nifi-kudu-processors:compile
> nifi-kudu-controller-service:compile
> nifi-kudu-nar:compile
> The components are not maintained, the dependency sees infrequent activity,
> and usage seems quite limited.
> https://issues.apache.org/jira/browse/NIFI-13498
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
