NIFI-12871 Upgrade Commons Compress from 1.25.0 to 1.26.1 #8488

Closed
wants to merge 1 commit into from

exceptionfactory
Contributor

Summary

NIFI-12871 Upgrades Apache Commons Compress dependencies from 1.25.0 to 1.26.1.

This upgrade resolves CVE-2024-26308 related to memory exhaustion for Pack200 files, which are not used directly in NiFi components. Commons Compress 1.26.1 also resolves a transitive dependency issue in version 1.26.0 related to the TarArchiveOutputStream.

This version is compatible with Java 8 and should be backported to the support branch.

Additional changes include updating the Excel Reader test to avoid message-based matching on failures, which surfaced when upgrading Commons Compress versions.

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • Pull Request commit message starts with Apache NiFi Jira issue number, such as NIFI-00000

Pull Request Formatting

  • Pull Request based on current revision of the main branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using mvn clean install -P contrib-check
    • JDK 21

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

- Adjusted Excel Record Reader test failure to use OpenXML Exception instead of message matching
asfgit closed this in 90c7dba Mar 10, 2024
asfgit pushed a commit that referenced this pull request Mar 10, 2024
- Adjusted Excel Record Reader test failure to use OpenXML Exception instead of message matching

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8488.