[NEW VERSION] NiFi v1.20, v1.21.0

[Jimvin]

Which new version of Apache NiFi should we support?

1.21.0

Additional information

NOTE These are still the 1.19.1 release notes, see https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.21.0 for the 1.21 release notes

Highlights of the 1.19.1 release include:

• Fixed regressions with NiFi talking to the Flow Registry faced in recent 1.17/1.18/1.19.0 releases.
• Fixed a regression introduced in 1.19.0 for Kafka SCRAM SASL handling.
• Added support for the SQLServer sql_variant type and other CDC related improvement/bugs.
• Numerous other simple bug fixes/dependency updates.
• A full list of issues that were resolved can be found at: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12352626
• Version 1.19.0
• Version 1.19.0 of Apache NiFi is a feature, improvement, bug fix and security focused release.

Highlights of the 1.19.0 release include:

• Java 8 will continue to work for all NiFi 1.x releases. However, we strongly encourage everyone to upgrade to Java 11.0.16 or newer as this is the recommended minimum version. And once we have the NiFi 2.x line support for Java 8 will no longer exist at all so this will help you with the transition.
• Provided a new processor to Put data to Apache Iceberg called PutIceberg.
• Provided a new processor to Put data to Snowflake using Snowpipe Ingest called PutSnowflake.
• Provided a new processor called UpdateDatabaseTable which will be very helpful for cases where the schema of data evolves and the backing tables being written to need DDL changes to accommodate it so data can keep flowing.
• The Consume Kafka Record processor now allows writing out the Kafka key of each message which can be quite helpful for certain Apache Kafka based flows.
• Docker images now support arm64 platforms in addition to amd64 (aka aarch64/x86_64). This includes Apple Silicon Macs with M1/M2 processors.
• Docker images now use Java 11.
• Upgraded numerous dependencies for security vulnerability concerns such as with Apache Commons Text, performance, functionality, or API stability as is the case with Apache Iceberg 1.0.
• Numerous bug fixes related to MergeContent, Stateless NiFi, ListenSyslog, and many other components.

A full list of issues that were resolved can be found at: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12352345

Changes required

Not aware of any breaking changes in this release.

Implementation checklist

Please don't change anything in this list. Not all of these steps are necessary for all versions.

• [x] https://github.com/stackabletech/docker-images/pull/365
• [x] https://github.com/stackabletech/nifi-operator/pull/464

[nick-hird]

Would it be possible to also address or mitigate any of the critical CVEs with this update, We have noticed that grype is reporting multiple critical CVEs with the docker.stackable.tech/stackable/nifi:1.18.0-stackable23.1.0 (shown below)

grype docker.stackable.tech/stackable/nifi@sha256:2a060257fafe9778617faaa36730edc1e240df4459e2e3a6f9f4b04aebc79bd6 | grep Critical
 ✔ Loaded image            
 ✔ Parsed image            
 ✔ Cataloged packages      [427 packages]
 ✔ Scanned image           [411 vulnerabilities]
commons-text                1.8                                     1.10.0       java-archive  GHSA-599f-7c49-w659  Critical  
commons-text                1.8                                                  java-archive  CVE-2022-42889       Critical  
jetty-schemas               5.2                                                  java-archive  CVE-2017-7658        Critical  
jetty-schemas               5.2                                                  java-archive  CVE-2017-7657        Critical  
log4j-over-slf4j            1.7.36                                               java-archive  CVE-2020-9493        Critical  
spring-core                 5.3.23                                               java-archive  CVE-2016-1000027     Critical  

Or are these CVEs more in the realms of Nifi itself.

[lfrancke]

We will look into this for the next release.

[soenkeliebau]

Needs input from @lfrancke if both versions should be released or just 1.21.0

[lfrancke]

I think we only want the latest. In other words: Please remove 1.20.