This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 7286403 Published changes from
74f587d7e23961a52f82e144f588e7e81852d0fc
7286403 is described below
commit 72864039d4bf7e8ccdef627ff669f804a3b9abe6
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Thu Feb 9 23:09:43 2023 +0000
Published changes from 74f587d7e23961a52f82e144f588e7e81852d0fc
---
security.html | 36 ++++++++++++++++++++++++++++++++++++
sitemap.xml | 52 ++++++++++++++++++++++++++--------------------------
2 files changed, 62 insertions(+), 26 deletions(-)
diff --git a/security.html b/security.html
index dbd02af..775ef64 100644
--- a/security.html
+++ b/security.html
@@ -183,6 +183,42 @@
</div>
</div>
<div class="medium-space"></div>
+<div class="row">
+ <div class="large-12 columns features">
+ <h2><a id="1.20.0" href="#1.20.0">Fixed in Apache NiFi 1.20.0</a></h2>
+ </div>
+</div>
+<!-- Vulnerabilities -->
+<div class="row">
+ <div class="large-12 columns features">
+ <h2><a id="1.20.0-vulnerabilities"
href="#1.20.0-vulnerabilities">Vulnerabilities</a></h2>
+ </div>
+</div>
+<div class="row" style="background-color: aliceblue">
+ <div class="large-12 columns">
+ <p><a id="CVE-2023-22832"
href="#CVE-2023-22832"><strong>CVE-2023-22832</strong></a>: Improper
Restriction of XML External Entity References in ExtractCCDAAttributes</p>
+ <p>Severity: <strong>Moderate</strong></p>
+ <p>Versions Affected:</p>
+ <ul>
+ <li>Apache NiFi 1.2.0 - 1.19.1</li>
+ </ul>
+ </p>
+ <p>The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through
1.19.1 does not restrict XML External Entity references.</p>
+ <p>Flow configurations that include the ExtractCCDAAttributes
Processor are vulnerable to malicious XML documents that contain Document Type
Declarations with XML External Entity references.</p>
+ <p>The resolution disables Document Type Declarations and disallows
XML External Entity resolution in the ExtractCCDAAttributes Processor.</p>
+ <p>Mitigation: Upgrading to NiFi 1.20.0 disables Document Type
Declarations in the default configuration for ExtractCCDAAttributes.</p>
+ <p>Credit: This issue was discovered by Yi Cai of Chaitin Tech</p>
+ <p>CVE Link: <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22832"
target="_blank">Mitre Database CVE-2023-22832</a></p>
+ <p>
+ NiFi Jira: <a
href="https://issues.apache.org/jira/browse/NIFI-11029"
target="_blank">NIFI-11029</a>
+ </p>
+ <p>
+ NiFi PR: <a href="https://github.com/apache/nifi/pull/6828"
target="_blank">PR 6828</a>
+ </p>
+ <p>Released: 2023-02-09</p>
+ </div>
+</div>
+<div class="medium-space"></div>
<div class="row">
<div class="large-12 columns features">
<h2><a id="1.16.3" href="#1.16.3">Fixed in Apache NiFi 1.16.3</a></h2>
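Review bot: The "Versions Affected" block ends with a closing tag that has no matching open: the paragraph is already closed in <p>Versions Affected:</p> before the <ul>, so the </p> after </ul> is a stray end tag, which HTML parsers turn into an extra empty paragraph. Drop that </p>. The three external links added here (CVE, Jira, PR) use target="_blank" with no rel attribute; adding rel="noopener noreferrer" keeps the opened page from receiving a window.opener reference in older browsers. The Credit line is also missing its closing period.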
diff --git a/sitemap.xml b/sitemap.xml
index bd7e0ac..8772c74 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -3,81 +3,81 @@
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>https://nifi.apache.org/</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/fds.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/developer-guide.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/quickstart.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/docs.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/download.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/faq.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/fds-release-guide.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/licensing-guide.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/mailing_lists.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/download.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/faq.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/getting-started.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/minifi-java-agent-quick-start.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/system-admin-guide.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi/minifi-toolkit.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/registry.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/registry-security.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/release-guide.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/security.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/people.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/videos.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/gpg.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/minifi.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/powered-by-nifi.html</loc>
- <lastmod>2023-02-09T16:51:51-06:00</lastmod>
+ <lastmod>2023-02-09T17:09:09-06:00</lastmod>
</url>
</urlset>
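Review bot: Every <lastmod> in this hunk (26 entries) moves from 2023-02-09T16:51:51-06:00 to 2023-02-09T17:09:09-06:00, although the diffstat shows security.html as the only page whose content changed in this publish. Stamping all URLs with the build time removes lastmod's value as a change signal for crawlers; the generator should take each page's lastmod from its own last content change, so that only the https://nifi.apache.org/security.html entry moves in a commit like this one.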