Posted to commits@nifi.apache.org by al...@apache.org on 2020/10/01 14:20:02 UTC

svn commit: r1882180 - /nifi/site/trunk/security.html

Author: alopresto
Date: Thu Oct  1 14:20:02 2020
New Revision: 1882180

URL: http://svn.apache.org/viewvc?rev=1882180&view=rev
Log:
Added credit for discovered CVE. 

Modified:
    nifi/site/trunk/security.html

Modified: nifi/site/trunk/security.html
URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1882180&r1=1882179&r2=1882180&view=diff
==============================================================================
--- nifi/site/trunk/security.html (original)
+++ nifi/site/trunk/security.html Thu Oct  1 14:20:02 2020
@@ -197,7 +197,7 @@
         </p>
         <p>Description: The NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. </p>
         <p>Mitigation: Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user. Users running any previous NiFi release should upgrade to the latest release. </p>
-        <p>Credit: This issue was discovered by an anonymous community member. </p>
+        <p>Credit: This issue was discovered by Dennis Detering (IT Security Consultant at Spike Reply). </p>
         <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9487" target="_blank">Mitre Database: CVE-2020-9487</a></p>
         <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-7385" target="_blank">NIFI-7385</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/4271" target="_blank">PR 4271</a></p>
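Review bot: the mitigation sentence in the unchanged context of this hunk, "Disabled anonymous authentication, implemented a multi-indexed cache, and limited token creation requests to one concurrent request per user", reads as if anonymous authentication were disabled for the whole application, whereas the description only establishes that token creation was previously unauthenticated; since the credit line is being touched anyway, consider tightening it to say that authentication is now required for requests that create a download token. Two smaller documentation points on the same paragraph block: the new credit line should match the acknowledgement published with CVE-2020-9487 and in the announce mail so the name and affiliation are consistent across records, and "Users running any previous NiFi release should upgrade to the latest release" names neither the affected range nor the fixed version, which is the first thing an operator checks on this page.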