Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/06/02 12:07:00 UTC

[jira] [Created] (NIFI-10082) Update Java Protobuf To Most Recent Version

Mike R created NIFI-10082:
-----------------------------

             Summary: Update Java Protobuf To Most Recent Version
                 Key: NIFI-10082
                 URL: https://issues.apache.org/jira/browse/NIFI-10082
             Project: Apache NiFi
          Issue Type: Bug
            Reporter: Mike R
             Fix For: 1.16.2, 1.16.1


It looks like Java Protobuf that is used is vulnerable per [https://github.com/advisories/GHSA-wrvw-hg22-4m67], which is [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569] *High* - CVSS Score: 7.

A fix can be found here, but still needs to be compiled [Release Protocol Buffers v3.19.2 · protocolbuffers/protobuf (github.com)|https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.2]

 
|package|package_path|package_type|package_version|fix|
|protobuf-java-3.19.1|/nifi/lib/properties/protobuf-java-3.19.1.jar|java|3.19.1|3.19.2|



--
This message was sent by Atlassian Jira
(v8.20.7#820007)