You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/06/02 12:29:00 UTC

[jira] [Created] (NIFI-10084) Upgrade commons-httpclient

Mike R created NIFI-10084:
-----------------------------

             Summary: Upgrade commons-httpclient
                 Key: NIFI-10084
                 URL: https://issues.apache.org/jira/browse/NIFI-10084
             Project: Apache NiFi
          Issue Type: Bug
            Reporter: Mike R


It looks like commons-httpclient-3.1, which is found at nifi-toolkit-current/lib/commons-httpclient-3.1.jar is vulnerable to a CVE and is end of life. The CVE is https://nvd.nist.gov/vuln/detail/CVE-2012-5783

When I look for updates, it looks like the end of life was 16 December 2007, with the newer module being [Maven Repository: org.apache.httpcomponents » httpclient (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient]

Version 4.5.13 of the httpclient will resolve the CVE 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)