s specifically applicable but rather sourcing dependencies at runtime
> is not an ideal production practice without some additional controls in
> place.
>
> Thanks
> Joe
>
> On Wed, Jul 24, 2024 at 4:51 PM Matthew Hawkins
> wrote:
>
> > Hi David,
> >
> &
Hi David,
See the RHEL bug [1] for the shellacking this now rescinded CVE received.
Removing pip from the python side should also be accompanied by removing
maven from the Java side, if you are serious about addressing the actual
security concern raised in this CVE.
(That malicious content may
Hi Mark,
NiFi supports many different forms of authentication. The "simple" way is
"http basic" and you can roll your own /etc/passwd style authenticator with
it. I actually recommend NOT doing this unless it's a test system as http
basic is trash and can be a right pest if you need to "unauth".
It's more than that,
You also need to setup TLS keys for the hostname, user accounts, etc. Also,
I would never expose a service directly on a public IP that way either. Use
a priv subnet and access via a VPN. Route 53 can manage DNS for a private
domain so you can have eg nifi-1.mycloud as the
A reminder I tossed up a gist over here with a java keytool version of a
local CA with a NiFi bent:
https://gist.github.com/hawko2600/922b727634784614465b83e52ec2be52
For clusters, you just need a key per host and share them around the common
truststore.jks
Consider it Apache License 2.0.
On
The wait/notify pattern might work here too.
https://pierrevillard.com/2018/06/27/nifi-workflow-monitoring-wait-notify-pattern-with-split-and-merge/
Wait the getfile and notify when the validatejson is stopped?
On Tue, 6 Feb 2024, 22:55 Mike Thomsen, wrote:
> I think the easiest way to do
the dockerfile.
>
> As far as the repo volumes they can be mapped as you wish now. It is how I
> keep updating my own flow deployments I test with when I want to retain
> state across deployment. Are you not able to map them?
>
> Thanks
>
>
>
> On Tue, Nov 28, 2023 a
Two Q's regarding the docker container;
1. Why the Debian version instead of Alpine? Was it compatibility with
external stuff? I can confirm 2.0.0-M1 works fine with the alpine version
of liberica-jdk on at least basic flows, with python enabled. It'll save
disk space. I love Debian but Alpine is
Hi Team,
As a user I think re-implementing certain scripting languages in Java is a
bad idea compared to having a robust API that any language current or
future can interface with. I make a lot of use of ExecuteProcess and
anecdotally haven't experienced a situation where externally running the
I've had similar issues with the different processing done by
JoltTransformJSON and JoltTransformRecord and threw my hands in the air and
just ExcuteScript out to some Python that transforms the data correctly.
Try to minimise content transformations so the content repository doesn't
bloat with
Hi devs,
I figured this one out from earlier in the month;
/nifi-docs/css/component-usage.css has a hard-coded import from
https://fonts.googleapis.com/ which of course cannot work on an offline
system. This causes 30+ seconds of waiting for DNS to not resolve the
Internet host before the page
inate the needed maintenance efforts associated
> with TLS Toolkit, this seems worth some one-time effort.
>
>
> On Sun, Sep 17, 2023 at 1:46 AM Matthew Hawkins
> wrote:
>
> > NiFi in certain configurations requires a specific set of x509_v3
> > extensions, e.g. whe
NiFi in certain configurations requires a specific set of x509_v3
extensions, e.g. when using InvokeHTTP. This is automatically added when
using TLS Toolkit but all other options relies upon the CA either accepting
and passing through extensions in the request, or specifically adding them
in.
You
the double quotes around the EL expression results in a Java
exception for the spec being invalid. Doing the same with JoltTransformJSON
results in a Java exception for the type conversion failure when
marshalling the object.
On Thu, 24 Aug 2023, 14:06 Matthew Hawkins, wrote:
>
alhost). I find this problem less acute on older
> versions of NiFi (1.1.3.2) than more recent ones (1.23.0, 1.19.1).
>
> Thanks,
> Russ
>
> On 8/20/23 19:03, Matthew Hawkins wrote:
> > Hi Russell,
> >
> > Something I've noticed myself, and it's easily reproduc
:
> Matthew,
>
> What was your second case trying to use ${now():toNumber()} ? My unit
> test evaluated the expression into an integer and it worked (versus
> putting the expression in quotes which would make it a string).
>
> Regards,
> Matt
>
> On Tue, Aug 15, 2023 at 4:
Hi Russell,
Something I've noticed myself, and it's easily reproducible on the Usage
pages for processors, is that Nifi is doing a reverse DNS lookup when
loading the page. If your DNS is broken, it can take 10-30 seconds for the
page content to appear.
Kr,
On Fri, 18 Aug 2023, 07:29 Russell
Just be aware that simple regex would also include undesirable outcomes
like null hashes and weak bit strengths, effecting a downgrade attack. You
should also explicitly exclude them using something like
nifi.web.https.ciphersuites.exclude=.*128.*,.*NULL.*
Or whatever suits your needs. It
d work, but I'll try to
> > reproduce it and follow up, thanks for bringing this to our attention!
> >
> > Regards,
> > Matt
> >
> > [1] https://issues.apache.org/jira/browse/NIFI-4957
> >
> > On Thu, Aug 10, 2023 at 6:53 AM Matthew Hawkins
&g
Hi devs,
Using 1.23.0 I have a simple transform adding some flowfile attributes into
the content.
When putting the spec directly to the processor it works fine. If I have
the spec in an external file however it seems to put in the literal string
${attrname} - ie the EL didn't process.
Have I
Nifi is a Java based application and so the underlying OS is irrelevant as
long as you're;
a) using a supported JVM version (8-17 LTS should be fine, I believe
release is built using 11)
b) reading the release notes of your JVM on your OS to comprehend any local
issues, which you can take up with
Hi Adam,
PostHTTP was marked deprecated 3 years ago (aka six technology lifetimes).
The successive technologies to replace it's functionality are well
documented and proven in production. The technical reason to remove it is
that it is superfluous code that has a cost to maintain and zero
te and I'm new to contributing to
NiFi so keen to hear what experienced devs think.
--
Kind regards,
Matthew Hawkins
23 matches
Mail list logo