[NIFI-9852] Upgrade Spring Framework to 5.3.18 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.16.0
Fix Version/s: 1.17.0, 1.16.1
Component/s: Core Framework, Extensions, NiFi Registry, Security
Labels:
- dependency-upgrade
- security

Description

Spring Framework 5.3.18 corrects several issues, including CVE-2022-22965. Spring Boot for NiFi Registry should also be upgraded to 2.6.6.

The Spring Framework announcement lists the criteria for exploiting the vulnerability. Based on the current summary, NiFi and NiFi Registry do not appear to be impacted as both applications use Jetty instead of Apache Tomcat, and use JAX-RS with Jersey instead of Spring WebMVC or Spring Webflux for defining REST resources.

Upgrading these dependencies mitigates potential issues.

Attachments

Issue Links

links to

GitHub Pull Request #5921

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 31/Mar/22 16:07

Updated:: 04/Apr/22 18:29

Resolved:: 31/Mar/22 22:43

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 20m