Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/31 22:26:00 UTC

[jira] [Commented] (NIFI-9852) Upgrade Spring Framework to 5.3.18

    [ https://issues.apache.org/jira/browse/NIFI-9852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515618#comment-17515618 ] 

ASF subversion and git services commented on NIFI-9852:
-------------------------------------------------------

Commit 7fde2bbfd1afdd6037765340eca9fc675542323e in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7fde2bb ]

NIFI-9852 Upgraded Spring Framework from 5.3.16 to 5.3.18

- Upgraded Spring Boot from 2.6.4 to 2.6.6

Signed-off-by: Nathan Gough <th...@gmail.com>

This closes #5921.


> Upgrade Spring Framework to 5.3.18
> ----------------------------------
>
>                 Key: NIFI-9852
>                 URL: https://issues.apache.org/jira/browse/NIFI-9852
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Extensions, NiFi Registry, Security
>    Affects Versions: 1.16.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>              Labels: dependency-upgrade, security
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Spring Framework 5.3.18 corrects several issues, including [CVE-2022-22965|https://tanzu.vmware.com/security/CVE-2022-22965]. Spring Boot for NiFi Registry should also be upgraded to 2.6.6.
> The [Spring Framework announcement|https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement] lists the criteria for exploiting the vulnerability. Based on the current summary, NiFi and NiFi Registry do not appear to be impacted as both applications use Jetty instead of Apache Tomcat, and use JAX-RS with Jersey instead of Spring WebMVC or Spring Webflux for defining REST resources.
> Upgrading these dependencies mitigates potential issues.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
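The ticket above states which Spring Framework release carries the CVE-2022-22965 fix and which exploitation prerequisites (Spring MVC/WebFlux on Apache Tomcat) NiFi does not meet. A practitioner verifying a deployed build wants both facts checked against the jars actually shipped. The script below is an added example, not NiFi project code and not from the ticket's author: it walks a distribution directory, opens NAR/WAR archives (NiFi NARs bundle their jars under NAR-INF/bundled-dependencies/), reports every Spring Framework jar below the fixed version, and notes whether spring-webmvc/spring-webflux or embedded Tomcat jars are present at all. The 5.3.18 threshold comes from this ticket; the 5.2.20 threshold for the 5.2.x line is taken from the linked Spring advisory. The sample NAR it builds is constructed data, not a real NiFi artifact.

```python
"""Check a NiFi-style distribution directory for Spring Framework jars that
predate the CVE-2022-22965 fix, and note whether the other exploitation
prerequisites named in the Spring announcement (Spring MVC/WebFlux on Tomcat)
are even present.  Added example for this ticket, not NiFi project code."""
import os
import re
import tempfile
import zipfile

# First Spring Framework release carrying the fix, per minor line: 5.3.18 is
# the version this ticket upgrades to; 5.2.20 is the 5.2.x fix from the linked
# Spring advisory.  Lines below 5.2 have no fixed release and are reported.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

# Spring Framework artifacts only.  Spring Boot, Spring Security and friends
# carry their own version numbers and must not be compared against FIXED.
FRAMEWORK = {"spring-core", "spring-beans", "spring-context",
             "spring-context-support", "spring-aop", "spring-expression",
             "spring-jcl", "spring-web", "spring-webmvc", "spring-webflux",
             "spring-tx", "spring-jdbc", "spring-orm", "spring-jms",
             "spring-messaging", "spring-websocket", "spring-oxm",
             "spring-aspects", "spring-test"}

# e.g. spring-beans-5.3.16.jar or spring-core-5.2.19.RELEASE.jar
JAR_NAME = re.compile(r"([a-z]+(?:-[a-z]+)*)-(\d+\.\d+\.\d+)(?:\.RELEASE)?\.jar")


def parse_version(text):
    return tuple(int(p) for p in text.split("."))


def is_fixed(version):
    """True when the version is at or beyond the fix for its minor line.
    Lines not listed in FIXED fall back to the 5.3.18 comparison, so 5.1.x
    and older are reported and anything newer than 5.3 passes."""
    return version >= FIXED.get(version[:2], (5, 3, 18))


def jar_names(path):
    """Yield (location, jar basename) for a bare jar, or for every jar bundled
    inside a NAR/WAR.  NiFi NARs keep theirs under NAR-INF/bundled-dependencies/."""
    if path.endswith(".jar"):
        yield path, os.path.basename(path)
    elif path.endswith((".nar", ".war")):
        with zipfile.ZipFile(path) as zf:
            for entry in zf.namelist():
                if entry.endswith(".jar"):
                    yield f"{path}!{entry}", os.path.basename(entry)


def scan_dir(root):
    """Return {'spring': [(location, artifact, version, fixed)],
               'webmvc_or_webflux': bool, 'tomcat': bool}."""
    report = {"spring": [], "webmvc_or_webflux": False, "tomcat": False}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            for location, jar in jar_names(os.path.join(dirpath, name)):
                m = JAR_NAME.fullmatch(jar)
                if not m:
                    continue
                artifact, version = m.group(1), m.group(2)
                if artifact in FRAMEWORK:
                    fixed = is_fixed(parse_version(version))
                    report["spring"].append((location, artifact, version, fixed))
                if artifact in ("spring-webmvc", "spring-webflux"):
                    report["webmvc_or_webflux"] = True
                if artifact.startswith("tomcat-embed"):
                    report["tomcat"] = True
    return report


def build_sample_nar(path):
    """Constructed NAR imitating NiFi's layout (sample data, not a real NiFi
    build): two framework jars still at 5.3.16, one already at 5.3.18, a Spring
    Boot jar that must be skipped, and a Jetty jar standing in for the servlet
    container."""
    with zipfile.ZipFile(path, "w") as zf:
        for jar in ("spring-core-5.3.16.jar", "spring-beans-5.3.16.jar",
                    "spring-web-5.3.18.jar", "spring-boot-2.6.4.jar",
                    "jetty-server-9.4.0.jar"):
            zf.writestr(f"NAR-INF/bundled-dependencies/{jar}", b"")


def scan_sample():
    """Build the constructed NAR in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_nar(os.path.join(tmp, "nifi-sample.nar"))
        return scan_dir(tmp)


if __name__ == "__main__":
    result = scan_sample()
    for location, artifact, version, fixed in result["spring"]:
        print("fixed  " if fixed else "UPGRADE", artifact, version, location)
    print("Spring MVC/WebFlux present:", result["webmvc_or_webflux"],
          "| embedded Tomcat present:", result["tomcat"])
```

Run it against a real installation by replacing scan_sample() with scan_dir("/path/to/nifi/lib") (the lib directory holds the NARs). A mixed result, some framework jars at 5.3.18 and others below it, is itself a finding: the fix for this CVE lives in spring-beans, and Spring's own guidance is to keep every framework artifact at one version rather than upgrade a subset.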