[jira] [Commented] (NIFI-10184) Update Antlr-Runtime To 4.X

David Handermann (Jira) Fri, 06 Mar 2026 16:13:08 -0800


    [ 
https://issues.apache.org/jira/browse/NIFI-10184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18063680#comment-18063680
 ]


David Handermann commented on NIFI-10184:
-----------------------------------------

Upgrading to ANTLR 4 is needed, but it requires more refactoring.

> Update Antlr-Runtime To 4.X
> ---------------------------
>
>                 Key: NIFI-10184
>                 URL: https://issues.apache.org/jira/browse/NIFI-10184
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.15.3, 1.16.1, 1.16.2, 1.16.3
>            Reporter: Mike R
>            Priority: Major
>
> The current version of nifi-record-serialization-services includes a compile 
> dependency of antlr-runtime of 3.5.2. The antlr-runtime of 3.5.2 has a 
> vulnerable dependency of a vulnerable version of junit 4.10, which has 
> CVE-2020-15250 filed against it. If possible, would updating to version 4.X 
> work?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NIFI-10184) Update Antlr-Runtime To 4.X

Reply via email to