This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/master by this push: new f934c5a Corrected credit for security vulnerability discovery. f934c5a is described below commit f934c5accaa6ef0a2cb8bfae60ec3e32662485ab Author: Andy LoPresto <alopre...@apache.org> AuthorDate: Thu Nov 14 09:22:09 2019 +0900 Corrected credit for security vulnerability discovery. --- src/pages/html/security.hbs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 24dd684..eb74c72 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -58,7 +58,7 @@ title: Apache NiFi Security Reports </div> <div class="row" style="background-color: aliceblue"> <div class="large-12 columns"> - <p><a id="CVE-2019-10080" href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi information disclosure by XXE </p> + <p><a id="CVE-2019-10080" href="#CVE-2019-10080"><strong>CVE-2019-10080</strong></a>: Apache NiFi information disclosure by XXE</p> <p>Severity: <strong>Low</strong></p> <p>Versions Affected:</p> <ul> 
@@ -67,7 +67,7 @@ title: Apache NiFi Security Reports </p> <p>Description: The XMLFileLookupService allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI instance uses. </p> <p>Mitigation: A validator to ensure the XML file is not malicious was applied on the Apache NiFi 1.10.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p> - <p>Credit: This issue was discovered by Shuibo Ye. </p> + <p>Credit: This issue was discovered by RunningSnail. </p> <p>CVE Link: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10080" target="_blank">Mitre Database: CVE-2019-10080</a></p> <p>NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-6301" target="_blank">NIFI-6301</a></p> <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/3507" target="_blank">PR 3507</a></p>
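Review bot: The whitespace-only edit to the CVE-2019-10080 title line in the `@@ -58,7 +58,7 @@` hunk is unrelated to the credit correction named in the commit message, and it is applied inconsistently. The Description, Mitigation and Credit paragraphs in the same advisory block still end in ` </p>`. Either drop this change from the commit or clean up all four paragraphs and mention the cleanup in the message.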
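Review bot: The new Credit line in the `@@ -67,7 +67,7 @@` hunk replaces one discoverer name with another, but the commit message does not say where the correction came from. Reference the source of the change (for example the NIFI-6301 issue linked two lines below, if it was recorded there) so the attribution on a published security advisory can be audited later. Two smaller points in the same block: the added line keeps the trailing space before `</p>` that the first hunk removed from the title line, and the Description context line spells the product "NiFI" where "NiFi" is meant.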