Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
- 1.3.0
Description
A dependency scan found some old versions of dependencies being included. Some of these dependencies cannot be upgraded directly because they are transitive dependencies from a client library, etc. Others may conflict with related functionality.
mcgilman and I reviewed any dependency marked HIGH or MEDIUM severity and have categorized them into immediately actionable and "needs review" bins. Dependencies which would require upgrading client libraries such as HBase, Hive, or Hadoop will need SME evaluation from someone like bende or mattyb149. I will create subtasks for each of these and then execute the changes for the "immediately actionable" upgrades in a PR shortly.
Issue Links
- relates to NIFI-4432 Upgrade version of netty-all due to DoS possibility (Resolved)