You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/06/05 20:13:00 UTC
[jira] [Commented] (NIFI-11643) Upgrade geoip2 to 4.0.1
[ https://issues.apache.org/jira/browse/NIFI-11643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17729461#comment-17729461 ]
David Handermann commented on NIFI-11643:
-----------------------------------------
[Version 3.0.0|https://github.com/maxmind/GeoIP2-java/releases/tag/v3.0.0] requires Java 11, so this upgrade is suitable for inclusion in NiFi 2.0.0 on the main branch, but cannot be backported to the NiFi 1 support branch.
> Upgrade geoip2 to 4.0.1
> -----------------------
>
> Key: NIFI-11643
> URL: https://issues.apache.org/jira/browse/NIFI-11643
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Siddharth R
> Assignee: Siddharth R
> Priority: Minor
> Labels: dependency-upgrade
> Fix For: 2.latest
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Bump version from 2.16.1 to 4.0.1 to remediate findings:
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
> [https://mvnrepository.com/artifact/com.maxmind.geoip2/geoip2/2.16.1#:~:text=CVE%2D2022%2D42004-,CVE%2D2022%2D42003,-CVE%2D2021%2D46877]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)