Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-10271

Upgrade Xerces to 2.12.2

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.17.0
    • None

    Description

      Several extension components, including Scripting Processors and Media Processors, depend on Xerces 2.12.1, which is vulnerable to resource exhaustion when parsing crafted XML documents, as described in CVE-2022-23437.

      Xerces 2.12.2 addresses CVE-2022-23437.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            exceptionfactory David Handermann
            exceptionfactory David Handermann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment