[
https://issues.apache.org/jira/browse/NIFI-13934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893154#comment-17893154
]
Joe Witt commented on NIFI-13934:
---------------------------------
Not just potential, right? I see we have two vulnerable libraries remaining
which are libthrift 0.9.3 and protobuf-java-2.5.0 both of which are referenced
in the iceberg usage of the hive3 metastore. ANd looks like protobuf is also a
problem for hbase.
The libthrift issue is apparently from 2018 at least based on the CVE so
fortunately this solves that.
This should absolutely go. Thanks for flagging!
> Remove Hive 3 Catalog Support from Iceberg NAR
> ----------------------------------------------
>
> Key: NIFI-13934
> URL: https://issues.apache.org/jira/browse/NIFI-13934
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> Apache Iceberg supports a [Hive Metastore
> Catalog|https://iceberg.apache.org/docs/nightly/hive/] for both Hive 3 and
> Hive 4. The Hive Catalog is part of Hive 4 itself.
> The Apache Hive project declared Hive 3 [end of
> life|https://hive.apache.org/general/downloads/] on 8 October 2024, so that
> version will not be receiving updates. As a result of these changes, Hive 3
> support should be removed for NiFi integrations for the Iceberg Hive Catalog.
> Removing existing support for Hive 3 will provide a cleaner foundation for
> potential future integration with Hive 4, avoiding the potential security
> issues related to an unsupported version of Hive.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
