Team, Following the four milestone versions and the general availability of NiFi 2.0.0, we should determine the timing to discontinue support for NiFi 1.
Although this comes right after the release of NiFi 2.0.0, the reality is that that support branch already has several fundamental dependencies that are no longer supported. These unsupported core dependencies include: - Spring 5 as of 2024-08-31 [1] - Jetty 9.4 as of 2022-06-01 [2] - Angular 1.8 as of 2021-12-01 [3] [1] https://endoflife.date/spring-framework [2] https://endoflife.date/eclipse-jetty [3] https://endoflife.date/angularjs There are other component dependencies to consider, but the above dependencies are important because they are foundational to the application. The last open source version of Spring 5.3 already has one associated CVE, and although it does not impact NiFi directly, it is just one of a growing number of security issues that cannot be resolved. As we cannot provide security support for NiFi 1, which should discontinue accepting patches for bug fixes. Although it may be worth considering one more patch-level release as 1.28.1 before declaring NiFi 1 EOL, we should not consider any new features. To move the discussion in a concrete direction, I propose November 30, 2024 as the official date for declaring NiFi 1 EOL. Regards, David Handermann
