Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-10084

Upgrade commons-httpclient

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.16.1, 1.16.2
    • None
    • None
    • None

    Description

      It looks like commons-httpclient-3.1, which is found at nifi-toolkit-current/lib/commons-httpclient-3.1.jar is vulnerable to a CVE and is end of life. The CVE is https://nvd.nist.gov/vuln/detail/CVE-2012-5783

      There is also CVE 2020-13956

      When I look for updates, it looks like the end of life was 16 December 2007, with the newer module being Maven Repository: org.apache.httpcomponents » httpclient (mvnrepository.com)

      More information can be found from the apache website

      The vulnerable component is found at /nifi-toolkit/lib/commons-httpclient-3.1.jar.

       

      Attachments

        Issue Links

          is fixed by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-11169 Remove Deprecated Components and Features for 2.0.0 M1

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-9849 Refactor SAML 2 Support using Spring Security 5

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-9849 Refactor SAML 2 Support using Spring Security 5

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              exceptionfactory David Handermann
              msr1716 Mike R
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: