You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/07/01 12:32:52 UTC

[GitHub] [nifi] mr1716 commented on a diff in pull request #6175: NIFI-10190 Update azure-cosmos from 4.26.0 to 4.31.0

mr1716 commented on code in PR #6175:
URL: https://github.com/apache/nifi/pull/6175#discussion_r911921267


##########
nifi-nar-bundles/nifi-azure-bundle/pom.xml:
##########
@@ -31,7 +31,7 @@
         <azure.identity.version>1.4.5</azure.identity.version>
         <!-- azure-identity depends on msal4j transitively, keep these versions consistent -->
         <msal4j.version>1.11.0</msal4j.version>
-        <azure-cosmos.version>4.26.0</azure-cosmos.version>
+        <azure-cosmos.version>4.31.0</azure-cosmos.version>

Review Comment:
   @exceptionfactory will do. It looks like 4.32.1 is still vulnerable to [CVE-2020-8908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908) So maybe the best thing to do is hold off on this until they fix that issue?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org