Posted to commits@nifi.apache.org by al...@apache.org on 2018/09/04 21:32:22 UTC

[2/2] nifi-site git commit: Added links to NiFi Jira and PR for 1.7.0 security fixes.

Added links to NiFi Jira and PR for 1.7.0 security fixes.


Project: http://git-wip-us.apache.org/repos/asf/nifi-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi-site/commit/3eba5fa9
Tree: http://git-wip-us.apache.org/repos/asf/nifi-site/tree/3eba5fa9
Diff: http://git-wip-us.apache.org/repos/asf/nifi-site/diff/3eba5fa9

Branch: refs/heads/master
Commit: 3eba5fa9988fbd538c35e58d4066d1ed3881a214
Parents: 0e11593
Author: Andy LoPresto <al...@apache.org>
Authored: Tue Sep 4 14:32:12 2018 -0700
Committer: Andy LoPresto <al...@apache.org>
Committed: Tue Sep 4 14:32:12 2018 -0700

----------------------------------------------------------------------
 src/pages/html/security.hbs | 10 ++++++++++
 1 file changed, 10 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi-site/blob/3eba5fa9/src/pages/html/security.hbs
----------------------------------------------------------------------
diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index df24a61..61ceb77 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -63,6 +63,8 @@ title: Apache NiFi Security Reports
         <p>Mitigation: The fix to upgrade the commons-compress library to 1.16.1 was applied on the Apache NiFi 1.7.0 release. Users running a prior 1.x release should upgrade to the appropriate release. <strong>This was <a href="#CVE-2018-1324-160">previously incorrectly reported</a> as being fixed in Apache NiFi 1.6.0</strong></p>
         <p>Credit: This issue was discovered by Joe Witt. </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324" target="_blank">Mitre Database: CVE-2018-1324</a></p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-5108" target="_blank">NIFI-5108</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/2651" target="_blank">PR 2651</a></p>
         <p>Released: June 25, 2018</p>
     </div>
 </div>
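Review bot: The two added anchors (NIFI-5108 and PR 2651) use target="_blank" with no rel attribute, so in browsers that do not default to noopener the opened page receives a window.opener handle back to the security page. Suggest adding rel="noopener noreferrer" to both, for example <a href="https://issues.apache.org/jira/browse/NIFI-5108" target="_blank" rel="noopener noreferrer">. The same applies to the other links added in this commit and to the existing CVE links visible in the context lines.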
@@ -79,6 +81,8 @@ title: Apache NiFi Security Reports
         <p>Mitigation: The fix to upgrade the commons-fileupload library to 1.3.3 was applied on the Apache NiFi 1.7.0 release. Users running a prior 1.x release should upgrade to the appropriate release. <em>Apache Commons project <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-1000031" target="_blank">contests validity of this vulnerability</a> and proposes this is the responsibility of the consuming application. </em></p>
         <p>Credit: This issue was discovered by Matt Gilman. </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031" target="_blank">Mitre Database: CVE-2016-1000031</a></p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-5124" target="_blank">NIFI-5124</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/2662" target="_blank">PR 2662</a></p>
         <p>Released: June 25, 2018</p>
     </div>
 </div>
@@ -95,6 +99,8 @@ title: Apache NiFi Security Reports
         <p>Mitigation: The fix to upgrade the jackson-databind library to 2.9.5 was applied on the Apache NiFi 1.7.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p>
         <p>Credit: This issue was discovered by Sivaprasanna Sethuraman. </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" target="_blank">Mitre Database: CVE-2018-7489</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525" target="_blank">Mitre Database: CVE-2017-7525</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095" target="_blank">Mitre Database: CVE-2017-15095</a></p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-5286" target="_blank">NIFI-5286</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/2775" target="_blank">PR 2775</a></p>
         <p>Released: June 25, 2018</p>
     </div>
 </div>
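Review bot: The CVE Link line of this entry lists three CVEs (CVE-2018-7489, CVE-2017-7525, CVE-2017-15095), while the added lines point to a single Jira and a single PR. If NIFI-5286 / PR 2775 covers all three through the jackson-databind 2.9.5 upgrade, this is fine as written; if any of them was tracked in a separate issue, that issue should be linked here as well.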
@@ -111,6 +117,8 @@ title: Apache NiFi Security Reports
         <p>Mitigation: The fix to upgrade the commons-compress library to 1.7.0 was applied on the Apache NiFi 1.7.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p>
         <p>Credit: This issue was discovered by Prashanth V. </p>
         <p>CVE Link: N/A</p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-5215" target="_blank">NIFI-5215</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/2721" target="_blank">PR 2721</a></p>
         <p>Released: June 25, 2018</p>
     </div>
 </div>
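Review bot: The Mitigation context line just above the added NIFI-5215 / PR 2721 links says the fix was to upgrade commons-compress to 1.7.0, which matches the NiFi release number rather than a library version, and the first entry in this diff gives the commons-compress upgrade as 1.16.1. Since this commit now sends readers to the Jira and PR, please check the library name and version in that sentence against NIFI-5215 and correct it in the same change if it is a copy-paste slip.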
@@ -127,6 +135,8 @@ title: Apache NiFi Security Reports
         <p>Mitigation: The improved content escaping was applied on the Apache NiFi 1.7.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p>
         <p>Credit: This issue was discovered by Jonathan Logan. </p>
         <p>CVE Link: N/A</p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-5266" target="_blank">NIFI-5266</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/2760" target="_blank">PR 2760</a></p>
         <p>Released: June 25, 2018</p>
     </div>
 </div>
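Review bot: The same two-line Jira/PR block is now hand-written in five entries, here for NIFI-5266 / PR 2760, with the issue key and the PR number each typed twice (once in the href and once in the link text). A mismatch between the two would be easy to miss in review. If the site build supports Handlebars partials or helpers, generating both from a single key and number would remove that risk; otherwise a click-through of all ten links before merging is worth doing.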