Apache NiFi / NIFI-11339

Update Spring Core to 5.3.26

Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.20.0
    • Fix Version/s: 2.0.0-M1, 1.21.0
    • Component/s: None
    • Labels: None

    Description

      Update org.springframework_spring-core from 5.3.24 to 5.3.26 or 6.0.7. This will remediate https://nvd.nist.gov/vuln/detail/CVE-2023-20861

      Twistlock scan reported this as a high severity vulnerability in NiFi Registry version 1.20.0.

      Impacted versions: >=5.3.0 and <5.3.26
      Discovered: less than an hour ago
      Published: 7 hours ago

      In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
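
A check for the version ranges quoted in the description, as an added example that is not part of the original issue or of NiFi's code: it scans `mvn dependency:tree` output for spring-core coordinates and flags versions inside those ranges. The sample tree, the `org.example` artifacts and all function names are constructed for illustration.

```python
import re

# Affected ranges as quoted in the issue text (inclusive bounds).
AFFECTED = [((5, 2, 0), (5, 2, 22)), ((5, 3, 0), (5, 3, 25)), ((6, 0, 0), (6, 0, 6))]
OLDEST_LISTED = (5, 2, 0)  # "older unsupported versions" are affected too

# spring-core coordinate in `mvn dependency:tree` output:
# group:artifact:packaging:version:scope
COORD = re.compile(r"org\.springframework:spring-core:jar:([^:\s]+):(\w+)")

def parse_version(text):
    """Return (major, minor, patch), ignoring a suffix such as .RELEASE."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True if the version is older than 5.2.0 or inside a quoted range."""
    v = parse_version(version_text)
    if v < OLDEST_LISTED:
        return True
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def scan_tree(tree_output):
    """Return sorted unique (version, scope, affected) for spring-core entries."""
    found = set()
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if m:
            found.add((m.group(1), m.group(2), is_affected(m.group(1))))
    return sorted(found)

# Constructed sample, shaped like `mvn dependency:tree` output.
SAMPLE_TREE = """\
[INFO] org.example:demo-app:jar:1.0.0
[INFO] +- org.springframework:spring-core:jar:5.3.24:compile
[INFO] |  \\- org.springframework:spring-jcl:jar:5.3.24:compile
[INFO] +- org.example:legacy-lib:jar:2.1:compile
[INFO] |  \\- org.springframework:spring-core:jar:5.2.22.RELEASE:runtime
[INFO] \\- org.example:patched-lib:jar:3.0:compile
[INFO]    \\- org.springframework:spring-core:jar:5.3.26:compile
"""

if __name__ == "__main__":
    for version, scope, affected in scan_tree(SAMPLE_TREE):
        print(f"spring-core {version} ({scope}): {'AFFECTED' if affected else 'ok'}")
```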

            People

              Assignee: Unassigned
              Reporter: Phil Lee (philiplee)
              Votes: 0
              Watchers: 3