Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5108

Update to Commons Compress to 1.16.1

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.7.0
    • None
    • None

    Description

      https://commons.apache.org/proper/commons-compress/security-reports.html

      ./nar/framework/nifi-framework-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar

      ./nar/extensions/nifi-media-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.14.jar
      ./nar/extensions/nifi-avro-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hive-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.4.1.jar
      ./nar/extensions/nifi-parquet-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-kudu-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-beats-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-record-serialization-services-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hadoop-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-confluent-platform-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-lumberjack-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-hbase_1_1_2-client-service-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.4.1.jar
      ./nar/extensions/nifi-site-to-site-reporting-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-cassandra-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hadoop-libraries-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-standard-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.15.jar
      ./nar/extensions/nifi-registry-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar
      ./nar/extensions/nifi-hwx-schema-registry-nar-1.7.0-SNAPSHOT.nar-unpacked/META-INF/bundled-dependencies/commons-compress-1.8.1.jar

      And spring data commons 1.13.3 which is in our redis bundle needs to be updated
      https://pivotal.io/security/cve-2018-1273

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #2651

          Activity

            People

              joewitt Joe Witt
              joewitt Joe Witt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: