Posted to commits@nifi.apache.org by jo...@apache.org on 2022/12/01 19:04:50 UTC

[nifi] 01/02: NIFI-10923 This closes #6745. Upgraded Apache SSHD to 2.9.2

This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch support/nifi-1.19
in repository https://gitbox.apache.org/repos/asf/nifi.git

commit 6ed609228514944e121669a8f695ef04d359f956
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Thu Dec 1 12:40:54 2022 -0600

    NIFI-10923 This closes #6745. Upgraded Apache SSHD to 2.9.2
    
    Signed-off-by: Joe Witt <jo...@apache.org>
---
 nifi-nar-bundles/nifi-standard-bundle/pom.xml |  5 +++--
 nifi-registry/pom.xml                         | 12 ++++++++++++
 pom.xml                                       |  2 ++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml
index 080df69a0a..38cd556d85 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml
@@ -35,6 +35,7 @@
     <properties>
         <yammer.metrics.version>2.2.0</yammer.metrics.version>
         <jolt.version>0.1.7</jolt.version>
+        <org.apache.sshd.version>2.9.2</org.apache.sshd.version>
     </properties>
     <dependencyManagement>
         <dependencies>
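Review bot: The `org.apache.sshd.version` property added here is declared a second time with the same value in nifi-registry/pom.xml (the hunk at -43,6 +43,7), so a later SSHD security bump has to be made in two places and the two can drift apart. If both modules inherit from the root pom.xml, which this diff does not show, a single `<org.apache.sshd.version>2.9.2</org.apache.sshd.version>` in the root `<properties>` would keep them aligned. A short comment next to the property, e.g. `<!-- Must stay above the SSHD range banned by the enforcer rule in the root pom.xml -->`, would tell the next maintainer why the value matters.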
@@ -303,12 +304,12 @@
             <dependency>
                 <groupId>org.apache.sshd</groupId>
                 <artifactId>sshd-core</artifactId>
-                <version>2.8.0</version>
+                <version>${org.apache.sshd.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.sshd</groupId>
                 <artifactId>sshd-sftp</artifactId>
-                <version>2.8.0</version>
+                <version>${org.apache.sshd.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.google.guava</groupId>
diff --git a/nifi-registry/pom.xml b/nifi-registry/pom.xml
index e6544b09f1..f53dce0f6c 100644
--- a/nifi-registry/pom.xml
+++ b/nifi-registry/pom.xml
@@ -43,6 +43,7 @@
         <groovy.eclipse.compiler.version>3.4.0-01</groovy.eclipse.compiler.version>
         <jaxb.version>2.3.2</jaxb.version>
         <jgit.version>5.13.1.202206130422-r</jgit.version>
+        <org.apache.sshd.version>2.9.2</org.apache.sshd.version>
     </properties>
 
     <dependencyManagement>
@@ -241,6 +242,17 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <!-- Override transitive SSHD version from JGit -->
+            <dependency>
+                <groupId>org.apache.sshd</groupId>
+                <artifactId>sshd-osgi</artifactId>
+                <version>${org.apache.sshd.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.sshd</groupId>
+                <artifactId>sshd-sftp</artifactId>
+                <version>${org.apache.sshd.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
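Review bot: The comment `Override transitive SSHD version from JGit` does not say why the override exists, so it could be dropped during a later JGit upgrade that still pulls an affected SSHD; I would write `<!-- Override transitive SSHD version from JGit to avoid CVE-2022-45047 (SSHD 2.9.1 and earlier) -->`. Only `sshd-osgi` and `sshd-sftp` are managed here, so any other `org.apache.sshd` artifact that reaches the registry transitively keeps the version its parent declares. The wildcard ban added to the root pom.xml presumably catches that at build time, but it is worth confirming the resolved versions with `mvn dependency:tree -Dincludes=org.apache.sshd`. The surrounding `<dependencyManagement>` block starts outside the hunk.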
diff --git a/pom.xml b/pom.xml
index dc8edd1bba..733c2bc458 100644
--- a/pom.xml
+++ b/pom.xml
@@ -970,6 +970,8 @@
                                         <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
                                         <exclude>org.bouncycastle:bcutil-jdk15on</exclude>
                                         <exclude>org.bouncycastle:bcmail-jdk15on</exclude>
+                                        <!-- Exclude SSHD 2.9.1 and earlier due to CVE-2022-45047 -->
+                                        <exclude>org.apache.sshd:*:[,2.9.1]</exclude>
                                     </excludes>
                                     <includes>
                                         <!-- Versions of JSR305 after 3.0.1 are allowed https://github.com/findbugsproject/findbugs/issues/128 -->
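Review bot: The range in `org.apache.sshd:*:[,2.9.1]` puts an inclusive bracket on an empty lower bound; Maven's documented form for "up to and including" is `(,2.9.1]`, and using it avoids depending on how the enforcer's range parser treats `[,`. The comment could also name the first allowed release so the ban and the module version properties get updated together: `<!-- Exclude SSHD 2.9.1 and earlier due to CVE-2022-45047; 2.9.2 is the first allowed version -->`. The enclosing enforcer rule configuration starts and ends outside the hunk, so whether the rule runs for every module cannot be confirmed from these lines.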