[
https://issues.apache.org/jira/browse/NIFI-13934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893155#comment-17893155
]
David Handermann commented on NIFI-13934:
-----------------------------------------
Thanks for noting the existing vulnerabilities [~joewitt], you are correct,
libthrift 0.9.3 and protobuf-java 2.5.0 have several vulnerabilities, so
removing Hive 3 removes these known vulnerabilities.
> Remove Hive 3 Catalog Support from Iceberg NAR
> ----------------------------------------------
>
> Key: NIFI-13934
> URL: https://issues.apache.org/jira/browse/NIFI-13934
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Apache Iceberg supports a [Hive Metastore
> Catalog|https://iceberg.apache.org/docs/nightly/hive/] for both Hive 3 and
> Hive 4. The Hive Catalog is part of Hive 4 itself.
> The Apache Hive project declared Hive 3 [end of
> life|https://hive.apache.org/general/downloads/] on 8 October 2024, so that
> version will not be receiving updates. As a result of these changes, Hive 3
> support should be removed for NiFi integrations for the Iceberg Hive Catalog.
> Removing existing support for Hive 3 will provide a cleaner foundation for
> potential future integration with Hive 4, avoiding the potential security
> issues related to an unsupported version of Hive.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
