Modified: nifi/site/trunk/people.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1785781&r1=1785780&r2=1785781&view=diff ============================================================================== --- nifi/site/trunk/people.html (original) +++ nifi/site/trunk/people.html Mon Mar 6 23:14:44 2017 @@ -218,6 +218,11 @@ <td>Joe Skora</td> <td></td> </tr> + <tr> + <td>jwing</td> + <td>James Wing</td> + <td></td> + </tr> </table> </div> </div> @@ -292,11 +297,6 @@ <td>Joey Frazee</td> <td></td> </tr> - <tr> - <td>jwing</td> - <td>James Wing</td> - <td></td> - </tr> </table> </div> </div>
Modified: nifi/site/trunk/powered-by-nifi.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/powered-by-nifi.html?rev=1785781&r1=1785780&r2=1785781&view=diff ============================================================================== --- nifi/site/trunk/powered-by-nifi.html (original) +++ nifi/site/trunk/powered-by-nifi.html Mon Mar 6 23:14:44 2017 
@@ -166,17 +166,17 @@ <td>GoDataDriven, a Dutch service company in the data science and engineering space, helps customers ingest and process data in real time from the most disparate devices (including but not limited to trains!).</td> </tr> <tr> - <td><a href="https://looker.com">Looker</td> + <td><a href="https://looker.com">Looker</a></td> <td>SaaS & Analytics Software</td> <td>We're building all new data ingestion pipelines using NiFi. Existing pipelines are being migrated to NiFi as well. We have deployed NiFi clusters to ingest, transform, and deliver data to various backends like Google Big Query, Amazon Redshift, and Amazon S3.</td> </tr> <tr> - <td><a href="https://www.thinkbiganalytics.com">Think Big, A Teradata Company</td> + <td><a href="https://www.thinkbiganalytics.com">Think Big, A Teradata Company</a></td> <td>Data Science & Engineering</td> <td>Think Big's open-source data lake management platform <a href="http://kylo.io">Kylo</a> offers a turn-key, enterprise-ready data lake solution that integrates best practices around metadata management, governance, and security gleaned from Think Big's 150+ big data implementation projects. Kylo uses Apache NiFi as the underlying scheduler and orchestration engine, along with other technologies like Apache Hadoop and Apache Spark.</td> </tr> <tr> - <td><a href="http://www.hashmapinc.com/">Hashmap, Inc.</td> + <td><a href="http://www.hashmapinc.com/">Hashmap, Inc.</a></td> <td>Big Data / IoT</td> <td>Hashmap uses Apache NiFi to securely collect, transmit, and transform data for ingest and delivery into our IoT / Time Series Accelerator platform, allowing for outcome-based, real time analytics and visualization of oil & gas, utilities, manufacturing, industrial, retail, pharma, and process control data. 
Additionally, we are creating a catalog of open source, ready-to-run, industry specific NiFi processors and controller services for protocols like OPC-UA, ETP, WITSML, LAS, and many others.</td> </tr> Modified: nifi/site/trunk/security.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1785781&r1=1785780&r2=1785781&view=diff ============================================================================== --- nifi/site/trunk/security.html (original) +++ nifi/site/trunk/security.html Mon Mar 6 23:14:44 2017 
@@ -106,6 +106,48 @@ <div class="medium-space"></div> <div class="row"> <div class="large-12 columns features"> + <h2>Fixed in Apache NiFi 0.7.2 and 1.1.2</h2> + </div> +</div> +<div class="row"> + <div class="large-12 columns"> + <p><b>CVE-2107-5635</b>: Apache NiFi Unauthorized Data Access In Cluster Environment</p> + <p>Severity: <b>Important</b></p> + <p>Versions Affected:</p> + <ul> + <li>Apache NiFi 0.7.0</li> + <li>Apache NiFi 0.7.1</li> + <li>Apache NiFi 1.1.0</li> + <li>Apache NiFi 1.1.1</li> + </ul> + </p> + <p>Description: In a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the âanonymousâ user. </p> + <p>Mitigation: A fix has been provided (removing the negative check for anonymous user before building the proxy chain and throwing an exception, and evaluating each user in the proxy chain iteration and comparing against a static constant anonymous user). This fix was applied in NIFI-3487 and released in Apache NiFi 0.7.2 and 1.1.2. 1.x users running a clustered environment should upgrade to 1.1.2. 0.x users running a clustered environment should upgrade to 0.7.2. Additional migration guidance can be found <a href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>. 
</p> + <p>Credit: This issue was discovered by Leonardo Dias in conjunction with Matt Gilman.</p> + </div> + </div> +</div> +<div class="row"> + <div class="large-12 columns"> + <p><b>CVE-2107-5636</b>: Apache NiFi User Impersonation In Cluster Environment</p> + <p>Severity: <b>Moderate</b></p> + <p>Versions Affected:</p> + <ul> + <li>Apache NiFi 0.7.0</li> + <li>Apache NiFi 0.7.1</li> + <li>Apache NiFi 1.1.0</li> + <li>Apache NiFi 1.1.1</li> + </ul> + </p> + <p>Description: In a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. </p> + <p>Mitigation: A fix has been provided (modification of the tokenization code and sanitization of user-provided input). This fix was applied in NIFI-3487 and released in Apache NiFi 0.7.2 and 1.1.2. 1.x users running a clustered environment should upgrade to 1.1.2. 0.x users running a clustered environment should upgrade to 0.7.2. Additional migration guidance can be found <a href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>. </p> + <p>Credit: This issue was discovered by Andy LoPresto.</p> + </div> + </div> +</div> +<div class="medium-space"></div> +<div class="row"> + <div class="large-12 columns features"> <h2>Fixed in Apache NiFi 1.0.1 and 1.1.1</h2> </div> </div> 
@@ -120,7 +162,7 @@ </ul> </p> <p>Description: There is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.</p> - <p>Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1. 1.1.0 users should upgrade to 1.1.1. Additional migration guidance can be found <a href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a></p> + <p>Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1. 1.1.0 users should upgrade to 1.1.1. Additional migration guidance can be found <a href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>. </p> <p>Credit: This issue was discovered by Matt Gilman of the Apache NiFi PMC during a code review.</p> </div> </div>
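Review bot: in security.html, hunk @@ -106,6 +106,48 @@, both new advisory identifiers are written with the year 2107 (CVE-2107-5635 and CVE-2107-5636), which does not match this commit's 2017 date and looks like transposed digits. Confirm the assigned IDs before publishing, since readers and scanners look advisories up by CVE number. In the same hunk, each added advisory block opens two <div> elements but closes three, and each </ul> is followed by a </p> whose <p>Versions Affected:</p> was already closed; drop the extra closers so the layout that follows is not affected. The quotes around anonymous in the first description show up as mis-encoded characters in this diff; plain ASCII quotes or HTML entities would not depend on the file's charset.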
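Review bot: in powered-by-nifi.html, hunk @@ -166,17 +166,17 @@, the Hashmap, Inc. row still links to http://www.hashmapinc.com/ while the Looker and Think Big rows use https; if the site serves HTTPS, switch the href while this line is being edited. All three rows had the same unclosed <a>, so it is worth running the whole page through an HTML validator to catch any other rows with the same omission.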
