Hi Mike, The deprecation warning is not related to NIFI-10567 or Sensitive Dynamic Properties.
Deprecation logging is a new feature added in NiFi 1.18.0 to highlight components and features that are targeted for removal in future major releases. The current administrator's guide has more details on deprecation logging. [1] Deprecation warnings do not impact operational behavior, but they do identify configuration settings that should be changed. In this particular case, the deprecation is related to the use of the insecure algorithm. NiFi 1.14.0 and following introduced new Sensitive Properties Key Algorithm settings, which should be used instead of the historical default value indicated in the warning. The new default value is NIFI_PBKDF2_AES_GCM_256, additional supported options are listed in the administrator's guide, [2] along with the command that can be run to update the Sensitive Properties Key Algorithm. [3] Feel free to follow up if you have additional questions. Regards, David Handermann [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#deprecation-logging [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#property-encryption-algorithms [3] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#updating-the-sensitive-properties-algorithm On Wed, Oct 19, 2022 at 7:28 AM Mike S <[email protected]> wrote: > I upgraded from 1.16.2 to 1.18.0 and now see this warning in the log file. > > WARN [Flow Service Tasks Thread-1] d.o.a.n.s.u.c.NiFiLegacyCipherProvider > Insecure Cipher Provider Algorithm [PBEWITHMD5AND256BITAES-CBC-OPENSSL] > generate salt requested > org.apache.nifi.deprecation.log.DeprecationException: Reference Class > [org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider] ClassLoader > [org.apache.nifi.nar.NarClassLoader[./work/nar/framework/nifi-framework-nar-1.18.0.nar-unpacked]] > > I read this here. > > NIFI-10567 <https://issues.apache.org/jira/browse/NIFI-10567> Corrects > the parsing of Sensitive Dynamic Properties read from the XML version of > the flow configuration, in absence of the JSON version. > > The issue surfaces when upgrading to NiFi 1.17.0 or 1.18.0 from a version > older than 1.16.0. The issue also requires the presence of a Parameter > Context with a Sensitive value assigned to a component with a Sensitive > Property. Upgrading from 1.16.0 and following is not a problem. > > It appears that all my ListS3 processors using sensitive properties are > working. > > Is this related since 1.16.2 has the latest flow.json.gz file? > > > Mike >
