Author: thenatog
Date: Thu Jun 9 21:05:34 2022
New Revision: 1901791
URL: http://svn.apache.org/viewvc?rev=1901791&view=rev
Log:
Corrected error on NiFi Registry security page
Modified:
nifi/site/trunk/registry-security.html
Modified: nifi/site/trunk/registry-security.html
URL:
http://svn.apache.org/viewvc/nifi/site/trunk/registry-security.html?rev=1901791&r1=1901790&r2=1901791&view=diff
==============================================================================
--- nifi/site/trunk/registry-security.html (original)
+++ nifi/site/trunk/registry-security.html Thu Jun 9 21:05:34 2022
@@ -171,8 +171,8 @@
<p>Description: If NiFi Registry uses an authentication mechanism
other than PKI, when the user clicks Log Out, NiFi Registry invalidates the
authentication token on the client side but not on the server side. This
permits the user's client-side token to be used for up to 12 hours after
logging out to make API requests to NiFi Registry. </p>
<p>Mitigation: The fix to invalidate the server-side authentication
token immediately after the user clicks 'Log Out' was applied in the Apache
NiFi Registry 0.6.0 release. </p>
<p>CVE Link: <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9482";
target="_blank">Mitre Database: CVE-2020-9482</a></p>
- <p>NiFi Registry Jira: <a
href="https://issues.apache.org/jira/browse/NIFIREG-387";
target="_blank">NIFIREG-387</a></p>
- <p>NiFi Registry PR: <a
href="https://github.com/apache/nifi-registry/pull/277"; target="_blank">PR
277</a></p>
+ <p>NiFi Registry Jira: <a
href="https://issues.apache.org/jira/browse/NIFIREG-361";
target="_blank">NIFIREG-361</a></p>
+ <p>NiFi Registry PR: <a
href="https://github.com/apache/nifi-registry/pull/259"; target="_blank">PR
259</a></p>
<p>Released: April 7, 2020</p>
</div>
</div>
