Modified: nifi/site/trunk/developer-guide.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/developer-guide.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/developer-guide.html (original) +++ nifi/site/trunk/developer-guide.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown">
Modified: nifi/site/trunk/docs.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/docs.html (original) +++ nifi/site/trunk/docs.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/download.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/download.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/download.html (original) +++ nifi/site/trunk/download.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/faq.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/faq.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/faq.html (original) +++ nifi/site/trunk/faq.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/index.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/index.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/index.html (original) +++ nifi/site/trunk/index.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/licensing-guide.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/licensing-guide.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/licensing-guide.html (original) +++ nifi/site/trunk/licensing-guide.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/mailing_lists.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/mailing_lists.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/mailing_lists.html (original) +++ nifi/site/trunk/mailing_lists.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/people.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/people.html (original) +++ nifi/site/trunk/people.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> @@ -212,11 +213,6 @@ <td>Andre F de Miranda</td> <td></td> </tr> - <tr> - <td>jskora</td> - <td>Joe Skora</td> - <td></td> - </tr> </table> </div> </div> @@ -252,6 +248,11 @@ <td></td> </tr> <tr> + <td>jskora</td> + <td>Joe Skora</td> + <td></td> + </tr> + <tr> <td>ozhurakousky</td> <td>Oleg Zhurakousky</td> <td></td> @@ -281,6 +282,16 @@ <td>Scott Aslan</td> <td></td> </tr> + <tr> + <td>jeremydyer</td> + <td>Jeremy Dyer</td> + <td></td> + </tr> + <tr> + <td>jfrazee</td> + <td>Joey Frazee</td> + <td></td> + </tr> </table> </div> </div> Modified: nifi/site/trunk/powered-by-nifi.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/powered-by-nifi.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/powered-by-nifi.html (original) +++ nifi/site/trunk/powered-by-nifi.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/quickstart.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/quickstart.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/quickstart.html (original) +++ nifi/site/trunk/quickstart.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Modified: nifi/site/trunk/release-guide.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/release-guide.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/release-guide.html (original) +++ nifi/site/trunk/release-guide.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown"> Added: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1779084&view=auto ============================================================================== --- nifi/site/trunk/security.html (added) +++ nifi/site/trunk/security.html Mon Jan 16 19:18:01 2017 @@ -0,0 +1,177 @@ +<!doctype html> +<html class="no-js" lang="en"> + <head> + <title>Apache NiFi Security Reports</title> + <meta charset="utf-8" /> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <link rel="shortcut icon" href="assets/images/nifi16.ico"/> + <link rel="stylesheet" href="assets/stylesheets/app.css" /> + <link rel="stylesheet" href="assets/stylesheets/font-awesome.min.css"> + <script src="assets/js/modernizr.js"></script> + <script src="assets/js/webfontloader.js"></script> + <script> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + ga('create', 'UA-57264262-1', 'auto'); + ga('send', 'pageview'); + </script> + </head> + <body> + <div class="sticky contain-to-grid"> + <nav class="top-bar" data-topbar role="navigation"> + <ul class="title-area"> + <li class="name"> + <h1> + <a href="index.html"> + <img id="logo-top-bar" src="assets/images/nifi-drop-white.svg" alt="Apache NiFi"/> + </a> + </h1> + </li> + <!-- Remove the class "menu-icon" to get rid of menu icon. Take out "Menu" to just have icon alone --> + <li class="toggle-topbar menu-icon"><a href="#"><span></span></a></li> + </ul> + + <section class="top-bar-section"> + <!-- Right Nav Section --> + <ul class="right"> + <li class="has-dropdown"> + <a href="#">Project</a> + <ul class="dropdown"> + <li><a href="index.html">Home</a></li> + <li><a href="https://blogs.apache.org/nifi/";><i class="fa fa-external-link external-link"></i>Apache NiFi Blog</a></li> + <li><a href="https://www.apache.org/licenses/LICENSE-2.0";><i class="fa fa-external-link external-link"></i>License</a></li> + </ul> + </li> + <li class="has-dropdown"> + <a href="#">Documentation</a> + <ul class="dropdown"> + <li><a href="faq.html">FAQ</a></li> + <li><a href="videos.html">Videos</a></li> + <li><a href="docs.html">NiFi Docs</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> + </ul> + </li> + <li class="has-dropdown"> + <a href="#">Download</a> + <ul class="dropdown"> + <li><a href="download.html">Download NiFi</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.7.1";><i class="fa fa-external-link external-link"></i>Release Notes</a></li> + </ul> + </li> + <li class="has-dropdown"> + <a href="#">Community</a> + <ul class="dropdown"> + <li><a href="https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide";>Contributor Guide</a></li> + <li><a href="mailing_lists.html">Mailing Lists</a></li> + <li><a href="people.html">People</a></li> + <li><a href="powered-by-nifi.html">Powered by NiFi</a></li> + </ul> + </li> + <li class="has-dropdown"> + <a href="#">Development</a> + <ul class="dropdown"> + <li><a href="quickstart.html">Quickstart</a></li> + <li><a href="release-guide.html">Release Guide</a></li> + <li><a href="licensing-guide.html">Licensing Guide</a></li> + <li><a href="developer-guide.html">Developer Guide</a></li> + <li><a href="https://git-wip-us.apache.org/repos/asf/nifi.git";><i class="fa fa-external-link external-link"></i>Source</a></li> + <li><a href="https://issues.apache.org/jira/browse/NIFI";><i class="fa fa-external-link external-link"></i>Issues</a></li> + </ul> + </li> + <li class="has-dropdown"> + <a href="#">ASF Links</a> + <ul class="dropdown"> + <li><a href="https://www.apache.org";><i class="fa fa-external-link external-link"></i>Apache Software Foundation</a></li> + <li><a href="https://www.apache.org/foundation/sponsorship.html";><i class="fa fa-external-link external-link"></i>Sponsorship</a></li> + <li><a href="https://www.apache.org/security/";><i class="fa fa-external-link external-link"></i>Security</a></li> + <li><a href="https://www.apache.org/foundation/thanks.html";><i class="fa fa-external-link external-link"></i>Thanks</a></li> + </ul> + </li> + <li> + <a href="minifi/index.html">Subproject: MiNiFi</a> + </li> + </ul> + </section> + </nav> +</div> + + + + +<div class="large-space"></div> +</div> +<div class="medium-space"></div> +<div class="row"> + <div class="large-12 columns features"> + <h2>Fixed in Apache NiFi 1.0.1 and 1.1.1</h2> + </div> +</div> +<div class="row"> + <div class="large-12 columns"> + <p><b>CVE-2106-8748</b>: Apache NiFi XSS vulnerability in connection details dialogue</p> + <p>Severity: <b>Moderate</b></p> + <p>Versions Affected:</p> + <ul> + <li>Apache NiFi 1.0.0</li> + <li>Apache NiFi 1.1.0</li> + </ul> + </p> + <p>Description: There is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.</p> + <p>Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1. 1.1.0 users should upgrade to 1.1.1. Additional migration guidance can be found <a href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance";>here</a></p> + <p>Credit: This issue was discovered by Matt Gilman of the Apache NiFi PMC during a code review.</p> + </div> + </div> +</div> +<div class="medium-space"></div> +<div class="row"> + <div class="large-12 columns features"> + <h2>Severity Levels</h2> + </div> +</div> +<div class="row"> + <p class="description">The following lists the severity levels and criteria followed. It closely aligns to and borrows from Apache HTTP Server Project <a href="https://httpd.apache.org/security/impact_levels.html";>guidance.</a></p> + <div class="large-12 columns"> + <table> + <tr> + <td>Critical</td> + <td>A vulnerability rated with a critical impact is one which could be potentially exploited by a remote attacker to get NiFi to execute arbitrary code either as the user the server is running as or root. These are the sorts of vulnerabilities that could be exploited automatically by worms.</td> + </tr> + <tr> + <td>Important</td> + <td>A vulnerability rated as Important impact is one which could result in the compromise of data or availability of the server. For Apache NiFi this includes issues that allow an easy remote denial of service or access to files that should be otherwise prevented by limits or authentication.</td> + </tr> + <tr> + <td>Moderate</td> + <td>A vulnerability is likely to be rated as Moderate if there is significant mitigation to make the issue less of an impact. This might be done because the flaw does not affect likely configurations, or it is a configuration that isn't widely used, or where a remote user must be authenticated in order to exploit the issue.</td> + </tr> + <tr> + <td>Low</td> + <td>All other security flaws are classed as a Low impact. This rating is used for issues that are believed to be extremely hard to exploit, or where an exploit gives minimal consequences.</td> + </tr> + </table> + </div> +</div> + + <div class="row"> + <div class="large-12 columns footer"> + <a href="https://www.apache.org";> + <img id="asf-logo" alt="Apache Software Foundation" src="assets/images/feather-small.gif"> + </a> + <div id="copyright"> + <p>Copyright © 2015 The Apache Software Foundation, Licensed under the <a + href="https://www.apache.org/licenses/LICENSE-2.0";>Apache License, Version 2.0</a>.<br/>Apache, the + Apache feather logo, NiFi, Apache NiFi and the project logo are trademarks of The Apache Software + Foundation.</p> + </div> + </div> +</div> + + <script src="assets/js/jquery.min.js"></script> + <script src="assets/js/foundation.js"></script> + <script src="assets/js/app.js"></script> + </body> +</html> + Modified: nifi/site/trunk/videos.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/videos.html?rev=1779084&r1=1779083&r2=1779084&view=diff ============================================================================== --- nifi/site/trunk/videos.html (original) +++ nifi/site/trunk/videos.html Mon Jan 16 19:18:01 2017 @@ -51,6 +51,7 @@ <li><a href="videos.html">Videos</a></li> <li><a href="docs.html">NiFi Docs</a></li> <li><a href="https://cwiki.apache.org/confluence/display/NIFI";><i class="fa fa-external-link external-link"></i>Wiki</a></li> + <li><a href="security.html">Security Reports</a></li> </ul> </li> <li class="has-dropdown">
