[ https://issues.apache.org/jira/browse/NIFI-4300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16883265#comment-16883265 ]
Nathan Gough commented on NIFI-4300:
------------------------------------

* com.fasterxml.jackson.core:jackson-core in nifi-elasticsearch-5-processors 2.8.1 -> 2.8.6 | Can upgrade to 2.8.6 of org.elasticsearch.client:transport in (and update nifi-expression-language to 2.8.6). Confirm with Bende.
** Upgraded so it's now 2.9.9
* com.fasterxml.jackson.core:jackson-core in nifi-spark-receiver 2.6.5 -> 2.8.6 | Could update direct dependency on jackson-databind but would conflict with spark-core_2.10.
** Upgraded so it's now 2.9.9
* com.fasterxml.jackson.core:jackson-core in nifi-gcp-nar 2.1.3 -> 2.8.6 | Possible manual exclusion, but multiple dependencies requiring the depender (google-auth-library-oauth2-http).
** Upgraded so it's now 2.9.9

> Further review dependency upgrades
> ----------------------------------
>
> Key: NIFI-4300
> URL: https://issues.apache.org/jira/browse/NIFI-4300
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Extensions
> Affects Versions: 1.3.0
> Reporter: Andy LoPresto
> Priority: Major
> Labels: dependencies, security
>
> For further review:
> * {{org.apache.poi:poi}} in {{nifi-media-nar}} 3.12-beta1 -> 3.15 | Would require upgrading to a new version of tika-core/tika-parses which have catx json dependencies.
> * {{commons-fileupload:commons-fileupload}} in {{nifi-gcp-nar}} 1.3.1 -> 1.3.2 | Would require upgrading google-cloud but no production release since 0.8.0. Could manually exclude commons-fileupload and directly depend on the newer version.
> * {{commons-fileupload:commons-fileupload}} in {{nifi-gcp-nar}} 1.3.1 -> 1.3.2 | Would require upgrading google-cloud but no production release since 0.8.0. Could manually exclude commons-fileupload and directly depend on the newer version.
> * {{commons-collections:commons-collections}} in {{nifi-hbase_1_1_2-client-service}} 3.2.1 -> 3.2.2 | Check with Burgess/Bende. Would require manual exclusion across multiple dependencies and direct dependency on 3.2.2.
> * {{commons-httpclient:commons-httpclient}} in {{nifi-hdfs-processors}} 3.1 -> 4.5.3 | 3.x EOL. Would require hadoop upgrade or manual exclusion. However, manual exclusion is super risky given the version difference.
> * {{commons-httpclient:commons-httpclient}} in {{nifi-hdfs-processors}} 3.1 -> 4.5.3 | 3.x EOL. Would require hadoop upgrade or manual exclusion. However, manual exclusion is super risky given the version difference.
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-gcp-nar}} 2.1.3 -> 2.8.6 | Possible manual exclusion, but multiple dependencies requiring the depender (google-auth-library-oauth2-http).
> * {{commons-httpclient:commons-httpclient}} in {{nifi-hive-processors}} 3.0.1 -> 4.5.3 | 3.x EOL. Would require hadoop upgrade or manual exclusion. However, manual exclusion is super risky given the version difference.
> * {{commons-httpclient:commons-httpclient}} in {{nifi-hive-processors}} 3.0.1 -> 4.5.3 | 3.x EOL. Would require hadoop upgrade or manual exclusion. However, manual exclusion is super risky given the version difference.
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-elasticsearch-5-processors}} 2.8.1 -> 2.8.6 | Can upgrade to 2.8.6 of {{org.elasticsearch.client:transport}} in (and update nifi-expression-language to 2.8.6). Confirm with Bende.
> * {{commons-httpclient:commons-httpclient}} in {{nifi-ranger-nar}} 4.2.5 -> 4.5.3 | Would require manual exclusion through hadoop-common and hadoop-auth.
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-spark-receiver}} 2.6.5 -> 2.8.6 | Could update direct dependency on jackson-databind but would conflict with spark-core_2.10.
> * {{commons-collections:commons-collections}} in {{nifi-hbase_1_1_2-client-service}} 3.2.1 -> 3.2.2 | Would require manual exclusion.

-- This message was sent by Atlassian JIRA (v7.6.14#76016)
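
The "manually exclude and directly depend on the newer version" approach mentioned for commons-fileupload in nifi-gcp-nar, sketched as a Maven fragment. This is an added example, not taken from the NiFi code base; the `com.google.cloud:google-cloud` coordinates and the `${google.cloud.version}` property are assumptions standing in for whatever the module's pom actually declares.

```xml
<!-- Added illustration, not NiFi's actual pom.xml. -->
<dependencies>
  <!-- Assumed coordinates for the dependency that brings in
       commons-fileupload 1.3.1 transitively. -->
  <dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud</artifactId>
    <version>${google.cloud.version}</version> <!-- placeholder property -->
    <exclusions>
      <!-- Cut the old transitive copy out of this dependency's graph.
           If other dependencies also pull it in, each one needs the
           same exclusion. -->
      <exclusion>
        <groupId>commons-fileupload</groupId>
        <artifactId>commons-fileupload</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

  <!-- Depend directly on the version the issue lists as the target. -->
  <dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3.2</version>
  </dependency>
</dependencies>

<!-- Check the result from the module directory:
       mvn dependency:tree -Dincludes=commons-fileupload
     Only 1.3.2 should be listed. A patch-level bump like this one is the
     low-risk case; swapping a transitive library across major versions
     (the commons-httpclient 3.x -> 4.5.3 entries) can break the depender
     at runtime, which is the risk the issue description calls out. -->
```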