[NIFI-13515] Remove PutKudu and KuduLookupService along with nifi-kudu-nar - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0-M5
Component/s: None
Labels:
None

Description

The kudu components have a very long standing HIGH vulnerability CVE stemming from its shading of an old netty

kudu-client-1.17.0.jar (shaded: io.netty:netty-codec-http:4.1.94.Final)
repository/org/apache/kudu/kudu-client/1.17.0/kudu-client-1.17.0.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml
MD5: b18b426e138cb17f5e44b8873b5afbac
SHA1: 6b0212a0b0ae2b36c3500dda980e8547179575f8
SHA256:62be40ca13b3b09b37980bfddc86bf6f30732d995231bf4549da362bff09cb64
Referenced In Projects/Scopes:

nifi-code-coverage:compile
nifi-kudu-processors:compile
nifi-kudu-controller-service:compile
nifi-kudu-nar:compile

The components are not maintained, the dependency sees infrequent activity, and usage seems quite limited.

https://issues.apache.org/jira/browse/NIFI-13498

Attachments

Issue Links

links to

GitHub Pull Request #9048

mentioned in: Page Loading...

Activity

People

Assignee:: Joe Witt

Reporter:: Joe Witt

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 04/Jul/24 20:28

Updated:: 31/Jul/24 20:20

Resolved:: 05/Jul/24 16:26

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m