[ https://issues.apache.org/jira/browse/NIFI-15944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18081314#comment-18081314 ]
David Handermann commented on NIFI-15944:
-----------------------------------------
Thanks for opening this issue [[email protected]].

Reviewing
[kudu-client:1.18.1|https://central.sonatype.com/artifact/org.apache.kudu/kudu-client/1.18.1]
there are multiple medium and high severity vulnerabilities with the bundled
version of Netty. This release version is over five months old, which explains
why there are unresolved vulnerabilities.

Unfortunately the packaging strategy and release cadence of the Kudu Client for
Java do not appear to lend themselves to adequate handling of security issues
for consumers like Apache NiFi.

Rather than pursuing the reintroduction of Apache Kudu components in Apache
NiFi itself, I recommend pursuing a maintenance strategy under the Apache Kudu
project.

Apache NiFi has decoupled the public Apache NiFi API release process from the
core framework, supporting clearer boundaries of integration for extension
components. In light of the remaining concerns and the difference in release
cadence, pursuing maintenance under Apache Kudu seems like a better strategy
going forward.

> Re-introduction of Kudu support
> -------------------------------
>
> Key: NIFI-15944
> URL: https://issues.apache.org/jira/browse/NIFI-15944
> Project: Apache NiFi
> Issue Type: Task
> Reporter: Abhishek Chennaka
> Priority: Major
>
> Hi [~joewitt], thanks for the guidance in NIFI-13515. I've opened this new
> Jira to track the re-introduction of Kudu support. To address your concerns:
> both [~zchovan] and I are committed to maintaining these components and
> ensuring dependencies stay updated. We’ve verified that Kudu 1.17.1 (and
> later) resolves the previous blockers.
> Let us know if we can start working on a PR for this or if there is any other
> clarification you need before that.