Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5108

Update to Commons Compress to 1.16.1

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.7.0
    • Component/s: None
    • Labels:
      None

      Description

      https://commons.apache.org/proper/commons-compress/security-reports.html

      ./nar/framework/nifi-framework-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar

      ./nar/extensions/nifi-media-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.14.jar
      ./nar/extensions/nifi-avro-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hive-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.4.1.jar
      ./nar/extensions/nifi-parquet-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-kudu-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-beats-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-record-serialization-services-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hadoop-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-confluent-platform-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-lumberjack-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-hbase_1_1_2-client-service-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.4.1.jar
      ./nar/extensions/nifi-site-to-site-reporting-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-cassandra-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hadoop-libraries-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-standard-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-registry-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hwx-schema-registry-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar

      And spring data commons 1.13.3 which is in our redis bundle needs to be updated
      https://pivotal.io/security/cve-2018-1273

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joewitt Joseph Witt
                Reporter:
                joewitt Joseph Witt
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: