Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 1.16.1, 1.16.2
- None
- None
Description
The version of xmlsec-1.5.8 found at /nifi-toolkit-current/lib/xmlsec-1.5.8.jar is vulnerable per https://github.com/advisories/GHSA-j8wc-gxx9-82hx, which says that "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable" to CVE-2021-40690 (NVD, nist.gov).
There is an update available; it just needs to be incorporated.
Issue Links
- is fixed by: NIFI-9849 Refactor SAML 2 Support using Spring Security 5 (Resolved)