Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-10083

Upgrade xmlsec-1.5.8 To Most Recent Version

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.16.1, 1.16.2
    • 1.17.0
    • None
    • None

    Description

      The version of xmlsec-1.5.8  found at /nifi-toolkit-current/lib/xmlsec-1.5.8.jar is vulnerable per https://github.com/advisories/GHSA-j8wc-gxx9-82hx, which says that "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable" to CVE NVD - CVE-2021-40690 (nist.gov)

      There is an update available, it just needs to be incorporated

      Attachments

        Issue Links

          is fixed by

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-9849 Refactor SAML 2 Support using Spring Security 5

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              exceptionfactory David Handermann
              msr1716 Mike R
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: