Apache NiFi / NIFI-13933

Upgrade Spring Security to 6.3.4 and Address Dependency Check Findings

Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: Core Framework
    • Labels: None

    Description

      Spring Security dependencies should be upgraded to 6.3.4 to address findings for CVE-2024-38821. This vulnerability applies to WebFlux libraries that NiFi does not use.

      In addition, recent Dependency Check Plugin reports include a number of false positives related to Azure Identity libraries. False positives should be suppressed and other impacted dependencies should be upgraded.

            People

              Assignee: David Handermann (exceptionfactory)
              Reporter: David Handermann (exceptionfactory)

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 50m