You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/08/22 16:23:00 UTC

[jira] [Created] (NIFI-10382) Upgrade Flume to 1.10.1

David Handermann created NIFI-10382:
---------------------------------------

             Summary: Upgrade Flume to 1.10.1
                 Key: NIFI-10382
                 URL: https://issues.apache.org/jira/browse/NIFI-10382
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Extensions
            Reporter: David Handermann
            Assignee: David Handermann


Apache Flume JMS Sources in versions prior to 1.10.1 are vulnerable to remote code execution under limited conditions where an attacker controls a remote LDAP server as described in [CVE-2022-34916|https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-34916]. Dependencies on Apache Flume libraries should be upgraded to 1.10.1.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)