You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/05/12 12:40:00 UTC

[jira] [Resolved] (NIFI-11543) Upgrade Spring Vault version from 2.3.2 to 2.3.3

     [ https://issues.apache.org/jira/browse/NIFI-11543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-11543.
-------------------------------------
    Resolution: Duplicate

Spring Vault was upgraded in NiFI 1.21.0, and in general dependency upgrades are not backported across minor version releases, so it is not necessary to make changes to the 1.19.0 support branch.

> Upgrade Spring Vault version from 2.3.2 to 2.3.3
> ------------------------------------------------
>
>                 Key: NIFI-11543
>                 URL: https://issues.apache.org/jira/browse/NIFI-11543
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.19.0, 1.19.1
>            Reporter: Jeyassri Balachandran
>            Priority: Minor
>              Labels: dependency-upgrade
>
> In nifi-commons/nifi-hashicorp-vault/pom.xml, under nifi-hashicorp-vault, 
> Spring.vault.version should be upgraded from 2.3.2 to 2.3.3.
> This will help fix Medium security vulnerability CVE-2023-20863. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)