[NIFI-9271] Upgrade Quartz to 2.3.2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15.0
Component/s: MiNiFi
Labels:
- dependency-upgrade

Description

Quartz Scheduler versions below 2.3.0 have a potential XML External Entity vulnerability CVE-2019-13990. Although it does not include external loading of XML job description files, MiNiFi currently references version 2.2.1.

Attachments

Issue Links

links to

GitHub Pull Request #5430

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Oct/21 17:45

Updated:: 04/Oct/21 20:18

Resolved:: 04/Oct/21 20:18

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m