This is an automated email from the ASF dual-hosted git repository.

alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 1c13d1d  Modified wording in security fixes for 1.11.0.
1c13d1d is described below

commit 1c13d1de3aa2959661007d2cf29fd56dd2a7b246
Author: Andy LoPresto <alopre...@apache.org>
AuthorDate: Fri Jan 24 14:17:13 2020 -0800

    Modified wording in security fixes for 1.11.0.
---
 src/pages/html/security.hbs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index 757fac2..a75d640 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -62,10 +62,10 @@ title: Apache NiFi Security Reports
         <p>Severity: <strong>Moderate</strong></p>
         <p>Versions Affected:</p>
         <ul>
-            <li>Apache NiFi 1.10.0 - 1.10.0</li>
+            <li>Apache NiFi 1.10.0</li>
         </ul>
         </p>
-        <p>Description: The sensitive parameter parser would log parsed values 
for debugging purposes. If the parameter was sensitive, it would be logged in 
plaintext. </p>
+        <p>Description: The sensitive parameter parser would log parsed values 
for debugging purposes. This would expose literal values entered in a sensitive 
property when no parameter was present. </p>
         <p>Mitigation: Removed debug logging from the class. Users running the 
1.10.0 release should upgrade to the latest release. </p>
         <p>Credit: This issue was discovered by Andy LoPresto. </p>
         <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1928"; 
target="_blank">Mitre Database: CVE-2020-1928</a></p>
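Review bot: The added Description line no longer says where the value ends up: the removed wording said "it would be logged in plaintext", while the new wording says only "This would expose literal values", leaving the reader to infer the log from the previous sentence. Suggest keeping both facts, for example "This would log, in plaintext, literal values entered in a sensitive property when no parameter was present." The Mitigation line covers only removing the debug logging and upgrading, so it may be worth adding a sentence telling 1.10.0 users to check logs already written for such values. Separately, the unchanged `</p>` directly after `</ul>` has no matching opening tag, since `<p>Versions Affected:</p>` is already closed; it could be dropped in this same wording pass.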
@@ -85,7 +85,7 @@ title: Apache NiFi Security Reports
         </p>
         <p>Description: Malicious scripts could be injected to the UI through 
action by an unaware authenticated user in Firefox. Did not appear to occur in 
other browsers.</p>
         <p>Mitigation: Sanitization of the error response ensures the XSS 
would not be executed. Users running a prior 1.x release should upgrade to the 
latest release. </p>
-        <p>Credit: This issue was discovered by Jakub Palaczynski. </p>
+        <p>Credit: This issue was discovered by Jakub Palaczynski (ING Tech 
Poland). </p>
         <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1933"; 
target="_blank">Mitre Database: CVE-2020-1933</a></p>
         <p>NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-7023"; 
target="_blank">NIFI-7023</a></p>
         <p>NiFi PR: <a href="https://github.com/apache/nifi/pull/3991"; 
target="_blank">PR 3991</a></p>
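Review bot: The added Credit line introduces a parenthesised affiliation, "(ING Tech Poland)", a form the other Credit line visible in this patch ("This issue was discovered by Andy LoPresto.") does not use; if affiliations are to be listed, pick one format for the page so the entries stay consistent. Since this commit is a wording pass, the unchanged Description in this hunk could also be tightened: "injected to the UI through action by an unaware authenticated user" reads more clearly as "injected into the UI through an action by an unaware authenticated user".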
