cetic / helm-nifi

Helm Chart for Apache Nifi
Apache License 2.0

[cetic/nifi] Currently apache Nifi version is affected by vulnerability of log4j #257

Closed feder89 closed 2 years ago

feder89 commented 2 years ago

Describe the bug: As stated on the NiFi official website, NiFi Docker images behind the 1.15.3 tag are affected by the log4j vulnerability.

Version of Helm, Kubernetes and the Nifi chart: Helm version : v3.3.4, k8s version: v1.20.7, NiFi chart version: 1.0.4

What happened: The NiFi cluster inherits this vulnerability.

What you expected to happen: Update to a NiFi version greater than 1.15.0 to fix this vulnerability.

How to reproduce it (as minimally and precisely as possible): Verify that the Docker image that will be run is 1.14.0, deploying Helm chart version 1.0.4.

Anything else we need to know:

gforeman02 commented 2 years ago

@feder89 There was some movement on the issue in #185, but it appears to have not made any traction. I would also like to see as officially part of the chart. We overrode in values.yaml. Additionally, we also upgraded the Zookeeper chart to align with Zookeeper 3.8.0.

banzo commented 2 years ago

@gforeman02 Feel free to propose a PR with the upgraded NiFi version.

gforeman02 commented 2 years ago

@banzo I am working on a PR.

gforeman02 commented 2 years ago

@banzo PR submitted. It looks like the Zookeeper version was already at 3.8.0, so that part is good to go.
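
A check for the condition this issue reports, as an added example that is not part of the thread or the chart: it scans a rendered manifest (for example the output of `helm template`) for `apache/nifi` images and flags tags below 1.15.3, the threshold quoted in the issue. The sample manifest, its registry host and the non-NiFi image names are constructed.

```python
import re

# Threshold as quoted in the issue: images behind the 1.15.3 tag are affected.
FIXED = (1, 15, 3)
# Image references in rendered YAML, with or without quotes or a list dash.
IMAGE_RE = re.compile(r'^[ \t]*(?:-[ \t]*)?image:[ \t]*["\']?([^\s"\']+)', re.M)

def classify(ref):
    """Return 'affected', 'ok', 'unknown', or None if ref is not apache/nifi."""
    name, _, digest = ref.partition("@")
    # Take the tag from the last path segment only, so a registry port
    # (host:5000/apache/nifi) is never mistaken for a tag.
    repo, sep, tag = name.rsplit("/", 1)[-1].partition(":")
    path = name[: -len(tag) - 1] if sep else name
    if path != "apache/nifi" and not path.endswith("/apache/nifi"):
        return None
    # A digest pin or a missing tag (implicit "latest") hides the version.
    if digest or not tag:
        return "unknown"
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        return "unknown"  # e.g. "latest" or a custom tag: needs manual review
    return "affected" if tuple(map(int, m.groups())) < FIXED else "ok"

def audit(manifest):
    """List (image_ref, verdict) for every apache/nifi image in the manifest."""
    results = []
    for ref in IMAGE_RE.findall(manifest):
        verdict = classify(ref)
        if verdict is not None:
            results.append((ref, verdict))
    return results

# Constructed sample of rendered manifest lines (not taken from the chart).
SAMPLE = """\
containers:
  - name: server
    image: "apache/nifi:1.14.0"
  - name: mirror
    image: registry.example:5000/apache/nifi:1.16.3
  - name: zookeeper
    image: example/zookeeper:3.8.0
  - image: apache/nifi
  - image: example/nifi-exporter:0.1.0
"""

if __name__ == "__main__":
    for ref, verdict in audit(SAMPLE):
        print(f"{verdict:8} {ref}")
```

An `unknown` verdict means the version cannot be read from the reference, so the image has to be inspected before it is treated as fixed.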