You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/12/18 20:28:00 UTC
[jira] [Created] (NIFI-9504) Upgrade Logback to 1.2.9
David Handermann created NIFI-9504:
--------------------------------------
Summary: Upgrade Logback to 1.2.9
Key: NIFI-9504
URL: https://issues.apache.org/jira/browse/NIFI-9504
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
Affects Versions: 1.15.1, 1.15.0
Reporter: David Handermann
Assignee: David Handermann
[Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent potential code execution in non-standard configurations as described in [CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].
The default NiFi configuration for Logback does not use these vulnerable features, but upgrading to the latest version avoids potential issues.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)