Author: alopresto
Date: Tue Oct 10 00:23:53 2017
New Revision: 1811629
URL: http://svn.apache.org/viewvc?rev=1811629&view=rev
Log:
Added release dates and link anchors to security reports.
Modified:
nifi/site/trunk/security.html
Modified: nifi/site/trunk/security.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1811629&r1=1811628&r2=1811629&view=diff
==============================================================================
--- nifi/site/trunk/security.html (original)
+++ nifi/site/trunk/security.html Tue Oct 10 00:23:53 2017
@@ -155,7 +155,7 @@
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2017-12623</b>: Apache NiFi XXE issue in template XML
upload</p>
+ <p><a id="CVE-2017-12623"
href="#CVE-2017-12623"><b>CVE-2017-12623</b></a>: Apache NiFi XXE issue in
template XML upload</p>
<p>Severity: <b>Medium</b></p>
<p>Versions Affected:</p>
<ul>
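Review bot: the context line `<p>Severity: <b>Medium</b></p>` under the new CVE-2017-12623 anchor uses "Medium", while the other entries touched by this commit are rated "Moderate" or "Important". Now that each entry is a link target that advisories can point at, it is worth settling on one severity scale and using it here as well.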
@@ -165,6 +165,7 @@
<p>Description: An authorized user could upload a template which
contained malicious code and accessed sensitive files via an XML External
Entity (XXE) attack. </p>
<p>Mitigation: The fix to properly handle XML External Entities was
applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release
should upgrade to the appropriate release. </p>
<p>Credit: This issue was discovered by PaweÅ Gocyla. </p>
+ <p>Released: October 2, 2017</p>
</div>
</div>
<div class="medium-space"></div>
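Review bot: the added `<p>Released: October 2, 2017</p>` gives a date with no version, while several of the Released lines added elsewhere in this commit use the "date (version)" form. The Mitigation line above names 1.4.0 as the release carrying the fix, so if October 2, 2017 is that release's date, writing it in the same form would keep the entries uniform. Separately, the Credit context line shows the reporter's name with a mis-encoded character ("PaweÅ"); if that is in the file and not only in this mail's rendering, check the file encoding and the page's charset declaration.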
@@ -175,7 +176,7 @@
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2017-7665</b>: Apache NiFi XSS issue on certain user input
components</p>
+ <p><a id="CVE-2017-7665"
href="#CVE-2017-7665"><b>CVE-2017-7665</b></a>: Apache NiFi XSS issue on
certain user input components</p>
<p>Severity: <b>Important</b></p>
<p>Versions Affected:</p>
<ul>
@@ -187,11 +188,12 @@
<p>Mitigation: The fix for more complete user input sanitization will
be applied on Apache NiFi 0.7.4 and Apache NiFi 1.3.0 releases. Users running a
prior 0.x or 1.x release should upgrade to
the appropriate release. </p>
<p>Credit: This issue was discovered by Matt Gilman.</p>
+ <p>Released: May 8, 2017 (1.2.0); May 17, 2017 (0.7.3)</p>
</div>
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2017-7667</b>: Apache NiFi XFS issue due to insufficient
response headers</p>
+ <p><a id="CVE-2017-7667"
href="#CVE-2017-7667"><b>CVE-2017-7667</b></a>: Apache NiFi XFS issue due to
insufficient response headers</p>
<p>Severity: <b>Important</b></p>
<p>Versions Affected:</p>
<ul>
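Review bot: the added Released line for CVE-2017-7665 names 1.2.0 and 0.7.3, but the Mitigation paragraph directly above it says the fix "will be applied on Apache NiFi 0.7.4 and Apache NiFi 1.3.0 releases". A reader deciding which version to upgrade to gets two different answers from adjacent lines, so one of them needs correcting. The future tense in the Mitigation text should also become past tense now that a release date is stated.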
@@ -203,6 +205,7 @@
<p>Mitigation: The fix to set this response header will be applied on
Apache NiFi 0.7.4 and Apache NiFi 1.3.0 releases. Users running a prior 0.x or
1.x release should upgrade to the
appropriate release. </p>
<p>Credit: This issue was discovered by Matt Gilman.</p>
+ <p>Released: May 8, 2017 (1.2.0); May 17, 2017 (0.7.3)</p>
</div>
</div>
<div class="medium-space"></div>
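Review bot: the CVE-2017-7667 entry has the same version conflict: the new `<p>Released: May 8, 2017 (1.2.0); May 17, 2017 (0.7.3)</p>` sits under a Mitigation paragraph that names 0.7.4 and 1.3.0 as the releases carrying the response-header fix. Whichever pair is right, both lines should state it, and "will be applied" should be reworded to match.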
@@ -213,7 +216,7 @@
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2017-5635</b>: Apache NiFi Unauthorized Data Access In
Cluster Environment</p>
+ <p><a id="CVE-2017-5635"
href="#CVE-2017-5635"><b>CVE-2017-5635</b></a>: Apache NiFi Unauthorized Data
Access In Cluster Environment</p>
<p>Severity: <b>Important</b></p>
<p>Versions Affected:</p>
<ul>
@@ -229,11 +232,12 @@
should upgrade to 1.1.2. 0.x users running a clustered environment
should upgrade to 0.7.2. Additional migration guidance can be found <a
href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>.
</p>
<p>Credit: This issue was discovered by Leonardo Dias in conjunction
with Matt Gilman.</p>
+ <p>Released: February 20, 2017</p>
</div>
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2017-5636</b>: Apache NiFi User Impersonation In Cluster
Environment</p>
+ <p><a id="CVE-2017-5636"
href="#CVE-2017-5636"><b>CVE-2017-5636</b></a>: Apache NiFi User Impersonation
In Cluster Environment</p>
<p>Severity: <b>Moderate</b></p>
<p>Versions Affected:</p>
<ul>
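Review bot: `<p>Released: February 20, 2017</p>` for CVE-2017-5635 carries a single date and no version, although the Mitigation text above it points users at two releases, 1.1.2 and 0.7.2. If both shipped on that date, say so in the "date (version)" form used for the other entries, so the line can be read without the surrounding paragraph.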
@@ -249,6 +253,7 @@
1.1.2. 1.x users running a clustered environment should upgrade to
1.1.2. 0.x users running a clustered environment should upgrade to 0.7.2.
Additional migration guidance can be found <a
href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>.
</p>
<p>Credit: This issue was discovered by Andy LoPresto.</p>
+ <p>Released: February 20, 2017</p>
</div>
</div>
<div class="medium-space"></div>
@@ -259,7 +264,7 @@
</div>
<div class="row">
<div class="large-12 columns">
- <p><b>CVE-2016-8748</b>: Apache NiFi XSS vulnerability in connection
details dialogue</p>
+ <p><a id="CVE-2016-8748"
href="#CVE-2016-8748"><b>CVE-2016-8748</b></a>: Apache NiFi XSS vulnerability
in connection details dialogue</p>
<p>Severity: <b>Moderate</b></p>
<p>Versions Affected:</p>
<ul>
@@ -272,6 +277,7 @@
<p>Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1. 1.1.0
users should upgrade to 1.1.1. Additional migration guidance can be found <a
href="https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance">here</a>.
</p>
<p>Credit: This issue was discovered by Matt Gilman of the Apache NiFi
PMC during a code review.</p>
+ <p>Released: December 19, 2016 (1.0.1); December 22, 2016 (1.1.1)</p>
</div>
</div>
<div class="medium-space"></div>