Posted to commits@nifi.apache.org by al...@apache.org on 2020/04/09 16:18:33 UTC

svn commit: r1876331 - in /nifi/site/trunk: registry.html security.html

Author: alopresto
Date: Thu Apr  9 16:18:33 2020
New Revision: 1876331

URL: http://svn.apache.org/viewvc?rev=1876331&view=rev
Log:
Added NiFi Registry 0.6.0 links to source code. Added NiFi 1.11.4 CVE announcements.

Modified:
    nifi/site/trunk/registry.html
    nifi/site/trunk/security.html

Modified: nifi/site/trunk/registry.html
URL: http://svn.apache.org/viewvc/nifi/site/trunk/registry.html?rev=1876331&r1=1876330&r2=1876331&view=diff
==============================================================================
--- nifi/site/trunk/registry.html (original)
+++ nifi/site/trunk/registry.html Thu Apr  9 16:18:33 2020
@@ -198,62 +198,33 @@
                           <li><a href="https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.6.0">Release Notes</a></li>
                       </ul>
                   </li>
-		  <li>
-                      0.5.0
-                      <ul>
-                          <li>
-                              Sources
-                              <ul>
-                                  <li><a href="https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip">nifi-registry-0.5.0-source-release.zip</a> (
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc">asc</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256">sha256</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512">sha512</a> )</li>
-                              </ul>
-                          </li>
-                          <li>
-                              Binaries
-                              <ul>
-                                  <li><a href="https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz">nifi-registry-0.5.0-bin.tar.gz</a> (
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc">asc</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256">sha256</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512">sha512</a> )</li>
-
-                                  <li><a href="https://www.apache.org/dyn/closer.lua?path=/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip">nifi-registry-0.5.0-bin.zip</a> (
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc">asc</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256">sha256</a>,
-                                      <a href="https://downloads.apache.org/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512">sha512</a> )</li>
-                              </ul>
-                          </li>
-                          <li><a href="https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.5.0">Release Notes</a></li>
-                      </ul>
-                  </li>
                   <li>
-                    0.4.0
+                    0.5.0
                     <ul>
                       <li>
                         Sources
                         <ul>
-                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip">nifi-registry-0.4.0-source-release.zip</a> (
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.asc">asc</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha256">sha256</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-source-release.zip.sha512">sha512</a> )</li>
+                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip">nifi-registry-0.5.0-source-release.zip</a> (
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.asc">asc</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha256">sha256</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-source-release.zip.sha512">sha512</a> )</li>
                         </ul>
                       </li>
                       <li>
                         Binaries
                         <ul>
-                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.tar.gz">nifi-registry-0.4.0-bin.tar.gz</a> (
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.tar.gz.asc">asc</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.tar.gz.sha256">sha256</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.tar.gz.sha512">sha512</a> )</li>
+                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz">nifi-registry-0.5.0-bin.tar.gz</a> (
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.asc">asc</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha256">sha256</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.tar.gz.sha512">sha512</a> )</li>
 
-                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.zip">nifi-registry-0.4.0-bin.zip</a> (
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.zip.asc">asc</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.zip.sha256">sha256</a>,
-                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.4.0/nifi-registry-0.4.0-bin.zip.sha512">sha512</a> )</li>
+                            <li><a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip">nifi-registry-0.5.0-bin.zip</a> (
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.asc">asc</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha256">sha256</a>,
+                              <a href="https://archive.apache.org/dist/nifi/nifi-registry/nifi-registry-0.5.0/nifi-registry-0.5.0-bin.zip.sha512">sha512</a> )</li>
                         </ul>
                       </li>
-                      <li><a href="https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.4.0">Release Notes</a></li>
+                      <li><a href="https://cwiki.apache.org/confluence/display/NIFIREG/Release+Notes#ReleaseNotes-NiFiRegistry0.5.0">Release Notes</a></li>
                     </ul>
                   </li>
               </ul>
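Review bot: The 0.4.0 entry is lost in the second `<li>` of this hunk. The old 0.5.0 block (closer.lua and downloads.apache.org links) is deleted and the existing 0.4.0 archive.apache.org block is relabelled to 0.5.0, so in the lines shown the list no longer links to the 0.4.0 sources, binaries, signatures, checksums or release notes. The log message mentions only adding 0.6.0 links; if dropping 0.4.0 is intended, say so in the log, otherwise keep the 0.4.0 block and add 0.5.0 as its own archive entry above it.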

Modified: nifi/site/trunk/security.html
URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1876331&r1=1876330&r2=1876331&view=diff
==============================================================================
--- nifi/site/trunk/security.html (original)
+++ nifi/site/trunk/security.html Thu Apr  9 16:18:33 2020
@@ -149,6 +149,35 @@
     </div>
 </div>
 <div class="medium-space"></div>
+ <div class="row">
+         <div class="large-12 columns features">
+             <h2><a id="1.11.4" href="#1.11.4">Fixed in Apache NiFi 1.11.4</a></h2>
+         </div>
+ </div>
+<!-- Dependency Vulnerabilities -->
+<div class="row">
+    <div class="large-12 columns features">
+        <h2><a id="1.11.4-dependency-vulnerabilities" href="#1.11.4-dependency-vulnerabilities">Dependency Vulnerabilities</a></h2>
+    </div>
+</div>
+<div class="row" style="background-color: aliceblue">
+    <div class="large-12 columns">
+        <p><a id="CVE-2020-5398" href="#CVE-2020-5398"><strong>CVE-2020-5398</strong></a>: Apache NiFi's spring-data-redis usage</p>
+        <p>Severity: <strong>Moderate</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 1.8.0 - 1.11.3</li>
+        </ul>
+        </p>
+        <p>Description: The org.springframework.data:spring-data-redis dependency in the nifi-redis-bundle had a vulnerable transitive dependency. See <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-5398" target="_blank">NIST NVD CVE-2020-5398</a> for more information. </p>
+        <p>Mitigation: spring-data-redis was upgraded from 2.1.0.RELEASE to 2.1.16.RELEASE for the Apache NiFi 1.11.4 release. It is unlikely that NiFi's usage of this dependency could be exploited as described by the CVE, however we consider it prudent for users running a prior 1.x release to upgrade to the 1.11.4 release. </p>
+        <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398" target="_blank">Mitre Database: CVE-2020-5398</a></p>
+        <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-7267" target="_blank">NIFI-7267</a></p>
+        <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/4150" target="_blank">PR 4150</a></p>
+        <p>Released: March 22, 2020</p>
+    </div>
+</div>
+<div class="medium-space"></div>
 <div class="row">
     <div class="large-12 columns features">
         <h2><a id="1.11.1" href="#1.11.1">Fixed in Apache NiFi 1.11.1</a></h2>
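Review bot: Unbalanced markup in the CVE-2020-5398 block: `<p>Versions Affected:</p>` is already closed before the `<ul>`, so the `</p>` on the line after `</ul>` has no matching open tag and should be removed. The new external links use `target="_blank"` without `rel="noopener noreferrer"`; adding it keeps the opened page from reaching this one through `window.opener`. The description says the nifi-redis-bundle had "a vulnerable transitive dependency" without naming it; naming the artifact would let users check their own builds. The first added `<div class="row">` block is also indented differently (leading space, eight-space children) from the four-space blocks that follow it.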