[
https://issues.apache.org/jira/browse/NIFI-13515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17934423#comment-17934423
]
Raj edited comment on NIFI-13515 at 3/12/25 6:36 AM:
-----------------------------------------------------
[~exceptionfactory] , [~joewitt] we are already in 2.0.0-M4 and stuck in this
version due to Kudu processor unavailability. How do we proceed with further
upgrades?. We are not Java developers so not sure what to do.
was (Author: JIRAUSER290551):
[~exceptionfactory] we are already in 2.0.0-M4 and stuck in this version due to
Kudu processor unavailability. How do we proceed with further upgrades?. We are
not Java developers so not sure what to do.
> Remove PutKudu and KuduLookupService along with nifi-kudu-nar
> -------------------------------------------------------------
>
> Key: NIFI-13515
> URL: https://issues.apache.org/jira/browse/NIFI-13515
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Joe Witt
> Assignee: Joe Witt
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The kudu components have a very long standing HIGH vulnerability CVE stemming
> from its shading of an old netty
> kudu-client-1.17.0.jar (shaded: io.netty:netty-codec-http:4.1.94.Final)
> repository/org/apache/kudu/kudu-client/1.17.0/kudu-client-1.17.0.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml
> MD5: b18b426e138cb17f5e44b8873b5afbac
> SHA1: 6b0212a0b0ae2b36c3500dda980e8547179575f8
> SHA256:62be40ca13b3b09b37980bfddc86bf6f30732d995231bf4549da362bff09cb64
> Referenced In Projects/Scopes:
> nifi-code-coverage:compile
> nifi-kudu-processors:compile
> nifi-kudu-controller-service:compile
> nifi-kudu-nar:compile
> The components are not maintained, the dependency sees infrequent activity,
> and usage seems quite limited.
> https://issues.apache.org/jira/browse/NIFI-13498
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
