You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/06/02 12:17:00 UTC
[jira] [Updated] (NIFI-10083) Upgrade xmlsec-1.5.8 To Most Recent Version
[ https://issues.apache.org/jira/browse/NIFI-10083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike R updated NIFI-10083:
--------------------------
Description:
The version of xmlsec-1.5.8 found at /nifi-toolkit-current/lib/xmlsec-1.5.8.jar is vulnerable per [https://github.com/advisories/GHSA-j8wc-gxx9-82hx,] which says that "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable" to CVE [NVD - CVE-2021-40690 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-40690]
There is an update available, it just needs to be incorporated
was:The version of xmlsec-1.5.8 found at /nifi-toolkit-current/lib/xmlsec-1.5.8.jar is vulnerable per [https://github.com/advisories/GHSA-j8wc-gxx9-82hx,] which says that "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable" to CVE [NVD - CVE-2021-40690 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-40690]
> Upgrade xmlsec-1.5.8 To Most Recent Version
> -------------------------------------------
>
> Key: NIFI-10083
> URL: https://issues.apache.org/jira/browse/NIFI-10083
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.16.1, 1.16.2
> Reporter: Mike R
> Priority: Major
>
> The version of xmlsec-1.5.8 found at /nifi-toolkit-current/lib/xmlsec-1.5.8.jar is vulnerable per [https://github.com/advisories/GHSA-j8wc-gxx9-82hx,] which says that "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable" to CVE [NVD - CVE-2021-40690 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-40690]
> There is an update available, it just needs to be incorporated
--
This message was sent by Atlassian Jira
(v8.20.7#820007)