[
https://issues.apache.org/jira/browse/NIFI-13515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18055920#comment-18055920
]
Chovan Zoltan commented on NIFI-13515:
--------------------------------------
[~joewitt] as [[email protected]] has previously stated, the issue is
fixed on the Kudu-side, are there any other blockers for getting the Kudu parts
back into the Nifi project?
> Remove PutKudu and KuduLookupService along with nifi-kudu-nar
> -------------------------------------------------------------
>
> Key: NIFI-13515
> URL: https://issues.apache.org/jira/browse/NIFI-13515
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Joe Witt
> Assignee: Joe Witt
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The kudu components have a very long standing HIGH vulnerability CVE stemming
> from its shading of an old netty
> kudu-client-1.17.0.jar (shaded: io.netty:netty-codec-http:4.1.94.Final)
> repository/org/apache/kudu/kudu-client/1.17.0/kudu-client-1.17.0.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml
> MD5: b18b426e138cb17f5e44b8873b5afbac
> SHA1: 6b0212a0b0ae2b36c3500dda980e8547179575f8
> SHA256:62be40ca13b3b09b37980bfddc86bf6f30732d995231bf4549da362bff09cb64
> Referenced In Projects/Scopes:
> nifi-code-coverage:compile
> nifi-kudu-processors:compile
> nifi-kudu-controller-service:compile
> nifi-kudu-nar:compile
> The components are not maintained, the dependency sees infrequent activity,
> and usage seems quite limited.
> https://issues.apache.org/jira/browse/NIFI-13498
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
