[NIFI-10271] Upgrade Xerces to 2.12.2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.17.0
Component/s: None
Labels:
- dependency-upgrade

Description

Several extension components, including Scripting Processors and Media Processors, depend on Xerces 2.12.1, which is vulnerable to resource exhaustion when parsing crafted XML documents, as described in CVE-2022-23437.

Xerces 2.12.2 addresses CVE-2022-23437.

Attachments

Issue Links

links to

GitHub Pull Request #6242

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jul/22 20:34

Updated:: 24/Jul/22 01:09

Resolved:: 24/Jul/22 01:09

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m