fix(nifi): Conditionally disable Host Port Validation in NiFi 2.4.0

[labrenbe]

Description

Starting in NiFi 2.4.0 the host header validation has been replaced by host port validation: apache/nifi#9680

This adds a patch that replaces 0002-Allow-bypassing-check-for-host-header.patch which was used to turn host header validation off if the list of allowed hosts contained only *.

Definition of Done Checklist

Note

Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant.

Please make sure all these things are done and tick the boxes

• Changes are OpenShift compatible
• All added packages (via microdnf or otherwise) have a comment on why they are added
• Things not downloaded from Red Hat repositories should be mirrored in the Stackable repository and downloaded from there
• All packages should have (if available) signatures/hashes verified
• Add an entry to the CHANGELOG.md file
• Integration tests ran successfully

TIP: Running integration tests with a new product image

The image can be built and uploaded to the kind cluster with the following commands:

bake --product <product> --image-version <stackable-image-version>
kind load docker-image <image-tagged-with-the-major-version> --name=<name-of-your-test-cluster>

See the output of bake to retrieve the image tag for <image-tagged-with-the-major-version>.

Release Notes

NiFi: Update patch that allows bypassing the host header validation starting with NiFi 2.4.0

[NickLarsenNZ]

Test build triggered: https://github.com/stackabletech/docker-images/actions/runs/15187818491

[labrenbe]

During local testing I was able to access the NiFi UI without the HTTP 421 error.

[maltesander]

LGTM!

[lfrancke]

Is this something we should mention in the release notes?

[labrenbe]

Is this something we should mention in the release notes?

Yes, this is relevant to security so it should be mentioned. I've added a release note snippet to the PR description.