You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/12/18 20:28:00 UTC

[jira] [Created] (NIFI-9504) Upgrade Logback to 1.2.9

David Handermann created NIFI-9504:
--------------------------------------

             Summary: Upgrade Logback to 1.2.9
                 Key: NIFI-9504
                 URL: https://issues.apache.org/jira/browse/NIFI-9504
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
    Affects Versions: 1.15.1, 1.15.0
            Reporter: David Handermann
            Assignee: David Handermann


[Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent potential code execution in non-standard configurations as described in [CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].

The default NiFi configuration for Logback does not use these vulnerable features, but upgrading to the latest version avoids potential issues.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)