Author: joewitt
Date: Tue May 22 03:06:02 2018
New Revision: 1831997

URL: http://svn.apache.org/viewvc?rev=1831997&view=rev
Log:
Adding security update and powered by update

Modified:
    nifi/site/trunk/powered-by-nifi.html
    nifi/site/trunk/security.html

Modified: nifi/site/trunk/powered-by-nifi.html
URL: 
http://svn.apache.org/viewvc/nifi/site/trunk/powered-by-nifi.html?rev=1831997&r1=1831996&r2=1831997&view=diff
==============================================================================
--- nifi/site/trunk/powered-by-nifi.html (original)
+++ nifi/site/trunk/powered-by-nifi.html Tue May 22 03:06:02 2018
@@ -192,6 +192,11 @@
                 <td>Insurance</td>
                 <td>Hastings Group is a fast growing, agile, digitally focused 
general insurance provider providing services to the UK car, van, bike and home 
insurance market. We have strong relationships with all major price comparison 
websites (PCWs) and utilise Apache NiFi to process and ingest millions of items 
of data.</td>
             </tr>
+            <tr>
+                <td><a href="https://ona.io/";>Ona</a></td>
+                <td>International Development and Humanitarian Aid</td>
+                <td>Ona is a software engineering and design firm based in 
Nairobi, Kenya and Washington, DC. Our mission is to improve the effectiveness 
of humanitarian and development aid by empowering organizations worldwide with 
collective and actionable intelligence. We use Apache NiFi to ingest, process, 
and disseminate global health and service delivery data from diverse 
sources.</td>
+            </tr>
         </table>
     </div>
 </div>
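
Review bot: In the added Ona row, the anchor is shown as `<a href="https://ona.io/";>Ona</a>`, with a `;` sitting between the closing quote of the href value and the `>`. If that character is present in the committed file it should be removed so the tag reads `<a href="https://ona.io/">Ona</a>`; it is worth checking the rendered page to confirm the link resolves.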

Modified: nifi/site/trunk/security.html
URL: 
http://svn.apache.org/viewvc/nifi/site/trunk/security.html?rev=1831997&r1=1831996&r2=1831997&view=diff
==============================================================================
--- nifi/site/trunk/security.html (original)
+++ nifi/site/trunk/security.html Tue May 22 03:06:02 2018
@@ -148,6 +148,72 @@
 <div class="medium-space"></div>
 <div class="row">
     <div class="large-12 columns features">
+        <h2>Fixed in Apache NiFi 1.6.0</h2>
+    </div>
+</div>
+<div class="row">
+    <div class="large-12 columns">
+        <p><a id="CVE-2018-1309" 
href="#CVE-2018-1309"><strong>CVE-2018-1309</strong></a>: Apache NiFi External 
XML Entity issue in SplitXML processor</p>
+        <p>Severity: <strong>Moderate</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 0.1.0 - 1.5.0</li>
+        </ul>
+        </p>
+        <p>Description: Malicious XML content could cause information 
disclosure or remote code execution. </p>
+        <p>Mitigation: The fix to disable external general entity parsing and 
disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. 
Users running a prior 1.x release should upgrade to the appropriate release. 
</p>
+        <p>Credit: This issue was discovered by 圆珠笔. </p>
+        <p>Released: April 8, 2018</p>
+    </div>
+</div>
+<div class="row">
+    <div class="large-12 columns">
+        <p><a id="CVE-2018-1310" 
href="#CVE-2018-1310"><strong>CVE-2018-1310</strong></a>: Apache NiFi JMS 
Deserialization issue because of ActiveMQ client vulnerability</p>
+        <p>Severity: <strong>Moderate</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 0.1.0 - 1.5.0</li>
+        </ul>
+        </p>
+        <p>Description: Malicious JMS content could cause denial of service. 
See <a 
href="http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt";
 target="_blank">ActiveMQ CVE-2015-5254 announcement</a> for more information. 
</p>
+        <p>Mitigation: The fix to upgrade the activemq-client library to 
5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x 
release should upgrade to the appropriate release. </p>
+        <p>Credit: This issue was discovered by 圆珠笔. </p>
+        <p>Released: April 8, 2018</p>
+    </div>
+</div>
+<div class="row">
+    <div class="large-12 columns">
+        <p><a id="CVE-2017-8028" 
href="#CVE-2017-8028"><strong>CVE-2017-8028</strong></a>: Apache NiFi LDAP TLS 
issue because of Spring Security LDAP vulnerability</p>
+        <p>Severity: <strong>Severe</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 0.1.0 - 1.5.0</li>
+        </ul>
+        </p>
+        <p>Description: Spring Security LDAP library was not enforcing 
credential authentication after TLS handshake negotiation. See <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2017-8028"; target="_blank">NVD 
CVE-2017-8028 disclosure</a> for more information. </p>
+        <p>Mitigation: The fix to upgrade the spring-ldap library to 
2.3.2.RELEASE+ was applied on the Apache NiFi 1.6.0 release. Users running a 
prior 1.x release should upgrade to the appropriate release. </p>
+        <p>Credit: This issue was discovered by Matthew Elder. </p>
+        <p>Released: April 8, 2018</p>
+    </div>
+</div>
+<div class="row">
+    <div class="large-12 columns">
+        <p><a id="CVE-2018-1324" 
href="#CVE-2018-1324"><strong>CVE-2018-1324</strong></a>: Apache NiFi Denial of 
service issue because of commons-compress vulnerability</p>
+        <p>Severity: <strong>Low</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 0.1.0 - 1.5.0</li>
+        </ul>
+        </p>
+        <p>Description: A vulnerability in the commons-compress library could 
cause denial of service. See <a 
href="https://commons.apache.org/proper/commons-compress/security-reports.html"; 
target="_blank">commons-compress CVE-2018-1234 announcement</a> for more 
information. </p>
+        <p>Mitigation: The fix to upgrade the commons-compress library to 
1.16.1 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x 
release should upgrade to the appropriate release. </p>
+        <p>Credit: This issue was discovered by Joe Witt. </p>
+        <p>Released: April 8, 2018</p>
+    </div>
+</div>
+<div class="medium-space"></div>
+<div class="row">
+    <div class="large-12 columns features">
         <h2>Fixed in Apache NiFi 1.5.0</h2>
     </div>
 </div>
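
Review bot: In the CVE-2018-1324 entry, the link text reads "commons-compress CVE-2018-1234 announcement", which does not match the entry's own identifier (CVE-2018-1324 in the id, the href anchor and the title); this looks like a typo and the link text should carry the same id as the entry. Each of the four added entries also has a stray `</p>` after the closing `</ul>` of the "Versions Affected" list, although `<p>Versions Affected:</p>` is already closed on its own line, so that extra close tag should be dropped to keep the markup well-formed. Finally, every mitigation paragraph addresses only "Users running a prior 1.x release" while the affected range is listed as 0.1.0 - 1.5.0; consider stating what users on 0.x releases should do.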

