You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/10/31 15:17:00 UTC

[jira] [Updated] (NIFI-10735) Update Hortonworks registries schema-registry-client to mitigate CVE

     [ https://issues.apache.org/jira/browse/NIFI-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike R updated NIFI-10735:
--------------------------
    Description: 
Update Hortonworks registries schema-registry-client to mitigate CVE. Version 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE. 

CVE are: [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] and [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425]. Both have a medium score

The update can be found in the [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml] file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>

 

Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry (github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2]

  was:
Update Hortonworks registries schema-registry-client to mitigate CVE. Version 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE. 

CVE are: [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] and [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425]. Both have a medium score

The update can be found in the [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml] file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>


> Update Hortonworks registries schema-registry-client to mitigate CVE
> --------------------------------------------------------------------
>
>                 Key: NIFI-10735
>                 URL: https://issues.apache.org/jira/browse/NIFI-10735
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.18.0
>            Reporter: Mike R
>            Priority: Major
>
> Update Hortonworks registries schema-registry-client to mitigate CVE. Version 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE. 
> CVE are: [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] and [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425]. Both have a medium score
> The update can be found in the [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml] file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>
>  
> Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry (github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)