[NIFI-10716] Upgrade Flume to 1.11.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.19.0
Component/s: None
Labels:
- dependency-upgrade

Description

The Flume Processors depend on Flume 1.10.1, which is vulnerable to CVE-2022-42468.

Although trigger the vulnerability requires a Flume configuration that includes the JMS Source with an unsafe provider URL, the dependency should be upgraded to 1.11.0 in order to mitigate potential configuration issues.

Attachments

Issue Links

links to

GitHub Pull Request #6595

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Oct/22 02:32

Updated:: 28/Oct/22 09:16

Resolved:: 28/Oct/22 09:16

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m