Posted to commits@nifi.apache.org by jo...@apache.org on 2022/07/24 01:09:21 UTC
[nifi] 05/05: NIFI-10271 This closes #6242. Upgraded Xerces from 2.12.1 to 2.12.2
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 7244b9cfc43dcb73ff1d088ecec7c1cf0b045e28
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Sat Jul 23 15:35:48 2022 -0500
NIFI-10271 This closes #6242. Upgraded Xerces from 2.12.1 to 2.12.2
- Suppressed false positive vulnerability report for CVE-2017-10355
Signed-off-by: Joe Witt <jo...@apache.org>
---
nifi-dependency-check-maven/suppressions.xml | 5 +++++
nifi-nar-bundles/nifi-hive-bundle/pom.xml | 6 ++++++
.../nifi-media-bundle/nifi-media-processors/pom.xml | 10 ++++++++++
.../nifi-scripting-bundle/nifi-scripting-processors/pom.xml | 2 +-
4 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml
index db3e58a794..20dcabe779 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -129,4 +129,9 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-morphline\-solr\-sink@.*$</packageUrl>
<cpe>cpe:/a:apache:solr</cpe>
</suppress>
+ <suppress>
+ <notes>CVE-2017-10355 does not apply to Xerces 2.12.2</notes>
+ <packageUrl regex="true">^pkg:maven/xerces/xercesImpl@.*$</packageUrl>
+ <cve>CVE-2017-10355</cve>
+ </suppress>
</suppressions>
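Review bot: The added suppression's `packageUrl` regex ends in `@.*$`, so CVE-2017-10355 is suppressed for every xercesImpl version, while the `<notes>` text only justifies 2.12.2. If an older Xerces is resolved again transitively (the Hive bundle hunk in this commit mentions 2.9.1 coming from Hive), the scanner would stay silent about this CVE for that artifact as well. Pinning the pattern to the upgraded version, e.g. `<packageUrl regex="true">^pkg:maven/xerces/xercesImpl@2\.12\.2$</packageUrl>`, keeps the suppression matched to the claim in the notes and forces a re-review at the next version change.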
diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
index 60094dd704..54991ac0a5 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
@@ -97,6 +97,12 @@
<artifactId>ant</artifactId>
<version>1.10.12</version>
</dependency>
+ <!-- Override Xerces 2.9.1 in Hive 1.1 and 1.2 -->
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.12.2</version>
+ </dependency>
</dependencies>
</dependencyManagement>
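Review bot: The literal `2.12.2` is now written separately in this hunk, in the nifi-media-processors hunk and in the nifi-scripting-processors hunk, so a later Xerces upgrade has to touch three poms and can leave one module behind on an older version. A single property defined in a shared parent pom and referenced as `<version>${xerces.version}</version>` would keep the modules in step; the property name is only a suggestion, since the parent pom is not visible here. The `dependencyManagement` block this entry sits in starts outside the hunk.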
diff --git a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
index 1fad27fd7d..08e08ac99d 100644
--- a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
@@ -29,6 +29,16 @@
<tika.version>2.4.1</tika.version>
</properties>
+ <dependencyManagement>
+ <dependencies>
+ <!-- Override Xerces 2.12.1 from Tika -->
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.12.2</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
index 9e2178c4c9..8b2adb0766 100644
--- a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
@@ -112,7 +112,7 @@
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
- <version>2.12.1</version>
+ <version>2.12.2</version>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>