diff --git a/CHANGELOG.md b/CHANGELOG.md index 994084a31..9afed0a4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,8 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1041]). - nifi: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1027]). +- nifi: Add [nifi-iceberg-bundle] for NiFi `2.4.0` ([#1060], [#1106]). +- nifi: Add `2.4.0` ([#1114]). - opa: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1038]). - opa: Add `1.4.2` ([#1103]). @@ -35,7 +37,6 @@ All notable changes to this project will be documented in this file. `check-permissions-ownership.sh` provided in stackable-base image ([#1025]). - zookeeper: check for correct permissions and ownerships in /stackable folder via `check-permissions-ownership.sh` provided in stackable-base image ([#1043]). -- nifi: Add [nifi-iceberg-bundle](https://github.com/stackabletech/nifi-iceberg-bundle) for NiFi `2.2.0` ([#1060], [#1106]). - java: Add JDK 24 ([#1097]). - ci: Add golang image to mirror workflow ([#1103]). @@ -81,7 +82,9 @@ All notable changes to this project will be documented in this file. - opa: Remove `0.67.1` ([#1103]). - opa: Remove legacy bundle-builder from container build ([#1103]). - druid: Remove `30.0.0` ([#1110]). +- nifi: Remove `2.2.0` ([#1114]). +[nifi-iceberg-bundle]: https://github.com/stackabletech/nifi-iceberg-bundle [#1025]: https://github.com/stackabletech/docker-images/pull/1025 [#1027]: https://github.com/stackabletech/docker-images/pull/1027 [#1028]: https://github.com/stackabletech/docker-images/pull/1028 @@ -112,6 +115,7 @@ All notable changes to this project will be documented in this file. [#1106]: https://github.com/stackabletech/docker-images/pull/1106 [#1108]: https://github.com/stackabletech/docker-images/pull/1108 [#1110]: https://github.com/stackabletech/docker-images/pull/1110 +[#1114]: https://github.com/stackabletech/docker-images/pull/1114 [#1116]: https://github.com/stackabletech/docker-images/pull/1116 ## [25.3.0] - 2025-03-21 diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 5408bf6e5..001e1f425 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -81,6 +81,8 @@ if [[ "${PRODUCT}" != 1.* ]] ; then curl "https://github.com/stackabletech/nifi-iceberg-bundle/archive/refs/tags/${NIFI_ICEBERG_BUNDLE}.tar.gz" | tar -xzC . cd nifi-iceberg-bundle-${NIFI_ICEBERG_BUNDLE} || exit + sed -i -e "s/{{ NIFI_VERSION }}/${PRODUCT}/g" pom.xml + mvn \ --batch-mode \ --no-transfer-progress\ diff --git a/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch b/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch deleted file mode 100644 index caa3cca26..000000000 --- a/nifi/stackable/patches/2.2.0/0002-Allow-bypassing-check-for-host-header.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 63c87c2fde2714836fe3f522605ac24a39b2c81f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6nke=20Liebau?= -Date: Mon, 24 Jun 2024 09:04:43 +0200 -Subject: Allow bypassing check for host header - -NiFi has the configuration option 'nifi.web.proxy.host' which controls allowed -values for the host header field in any incoming request for the web ui. - -This frequently causes issues when trying to expose the NiFi UI via for example -an ingress, loadbalancer or any similar type of mechanism. - -NiFi does not allow to disable this behavior, so at the moment the nifi operator -simply hardcodes all even remotely possible values into this field. -But in order to allow putting for example in ingress in front of NiFi this means -using config overrides to change the value of this option, copy all the values -the operator put in there and add the extra value you need. - -This is less than ideal, the proper solution would probably be -https://github.com/stackabletech/nifi-operator/issues/604 - -But until that is merged this is a simple workaround that allows overriding the list of allowed -hostnames by just setting it to "*" and this will effectively bypass the hostname check entirely if set. - -This allows us to keep the default behavior in place for those users where it works and not remove -security features, but also enables users to disable this check if they know what they are doing. ---- - .../org/apache/nifi/web/server/HostHeaderHandler.java | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -index 97337d63e2..12ce1d8646 100644 ---- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -+++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java -@@ -47,6 +47,7 @@ public class HostHeaderHandler extends Handler.Abstract { - private final String serverName; - private final int serverPort; - private final List validHosts; -+ private boolean allowAllHosts = false; - - /** - * Instantiates a handler which accepts incoming requests with a host header that is empty or contains one of the -@@ -68,6 +69,11 @@ public class HostHeaderHandler extends Handler.Abstract { - // The value(s) from nifi.web.proxy.host - hosts.addAll(parseCustomHostnames(niFiProperties)); - -+ // Check if the setting for allowed hosts has only the wildcard entry and -+ // if so store this in allowAllHost for later use -+ List configuredHostNames = niFiProperties.getAllowedHostsAsList(); -+ this.allowAllHosts = configuredHostNames.size() == 1 && configuredHostNames.contains("*"); -+ - // empty is ok here - hosts.add(""); - -@@ -160,7 +166,7 @@ public class HostHeaderHandler extends Handler.Abstract { - * @return Valid status - */ - boolean hostHeaderIsValid(final String hostHeader) { -- return hostHeader != null && validHosts.contains(hostHeader.toLowerCase().trim()); -+ return this.allowAllHosts || (hostHeader != null && validHosts.contains(hostHeader.toLowerCase().trim())); - } - - @Override diff --git a/nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch b/nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch similarity index 72% rename from nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch rename to nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch index 25e389653..4e93ed77f 100644 --- a/nifi/stackable/patches/2.2.0/0001-Disable-zip-assembly-to-save-disk-space.patch +++ b/nifi/stackable/patches/2.4.0/0001-no-zip-assembly.patch @@ -1,14 +1,14 @@ -From 450dee471deaad0d154cc722b11054ba5fa3a084 Mon Sep 17 00:00:00 2001 -From: Malte Sander -Date: Fri, 17 May 2024 15:38:33 +0200 -Subject: Disable zip assembly to save disk space +From cef2caa1141df8974ff853ce3bf55736cc22af4f Mon Sep 17 00:00:00 2001 +From: Nick Larsen +Date: Mon, 17 Feb 2025 17:26:20 +0100 +Subject: no zip assembly --- nifi-assembly/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml -index c04e1c8650..adcecd6206 100644 +index 41bab2ad37..4ebb494613 100644 --- a/nifi-assembly/pom.xml +++ b/nifi-assembly/pom.xml @@ -66,7 +66,6 @@ language governing permissions and limitations under the License. --> diff --git a/nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch b/nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch similarity index 80% rename from nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch rename to nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch index 5e4cd897c..78432863b 100644 --- a/nifi/stackable/patches/2.2.0/0003-Add-CycloneDX-plugin.patch +++ b/nifi/stackable/patches/2.4.0/0002-add-cyclonedx-plugin.patch @@ -1,17 +1,17 @@ -From 5fb37840eb45dc2b159089e75e2d0ef3054ac03d Mon Sep 17 00:00:00 2001 -From: Lukas Voetmand -Date: Fri, 6 Sep 2024 17:53:52 +0200 -Subject: Add CycloneDX plugin +From a9fc3a2eea5add80ca03e8fba97d83d2952f2e5d Mon Sep 17 00:00:00 2001 +From: Nick Larsen +Date: Mon, 17 Feb 2025 17:31:17 +0100 +Subject: add cyclonedx plugin --- pom.xml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pom.xml b/pom.xml -index 7885e6c208..07e03e66cd 100644 +index 78f53a9aab..fdcc97cd51 100644 --- a/pom.xml +++ b/pom.xml -@@ -1007,6 +1007,24 @@ +@@ -1013,6 +1013,24 @@ diff --git a/nifi/stackable/patches/2.2.0/patchable.toml b/nifi/stackable/patches/2.4.0/patchable.toml similarity index 51% rename from nifi/stackable/patches/2.2.0/patchable.toml rename to nifi/stackable/patches/2.4.0/patchable.toml index cca3aee5b..d055c6804 100644 --- a/nifi/stackable/patches/2.2.0/patchable.toml +++ b/nifi/stackable/patches/2.4.0/patchable.toml @@ -1,2 +1,2 @@ -base = "b33ffac8aa10992482f7fa54e6cfccc46a5e8e27" mirror = "https://github.com/stackabletech/nifi.git" +base = "65c7732e46cdfcb17afe0dd7b0a3e0956226bcbb" diff --git a/nifi/versions.py b/nifi/versions.py index 9f7ae285c..59fb9b5f3 100644 --- a/nifi/versions.py +++ b/nifi/versions.py @@ -10,9 +10,9 @@ "java-devel": "11", }, { - "product": "2.2.0", + "product": "2.4.0", "java-base": "21", "java-devel": "21", - "nifi_iceberg_bundle": "0.0.3", + "nifi_iceberg_bundle": "0.0.4", }, ]