This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new a4ce2f7  Published changes from 
8f264d9f71fa3b47c673c3100aa0e2e7481de424
a4ce2f7 is described below

commit a4ce2f73c18d9a1835cf3b39042fd4202bddf733
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Mon Jun 12 14:21:21 2023 +0000

    Published changes from 8f264d9f71fa3b47c673c3100aa0e2e7481de424
---
 security.html | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sitemap.xml   | 52 ++++++++++++++++++++++++-------------------------
 2 files changed, 88 insertions(+), 26 deletions(-)

diff --git a/security.html b/security.html
index 775ef64..b11492c 100644
--- a/security.html
+++ b/security.html
@@ -183,6 +183,67 @@
     </div>
 </div>
 <div class="medium-space"></div>
+
+<div class="row">
+    <div class="large-12 columns features">
+        <h2><a id="1.22.0" href="#1.22.0">Fixed in Apache NiFi 1.22.0</a></h2>
+    </div>
+</div>
+<!-- Vulnerabilities -->
+<div class="row">
+    <div class="large-12 columns features">
+        <h2><a id="1.22.0-vulnerabilities" 
href="#1.22.0-vulnerabilities">Vulnerabilities</a></h2>
+    </div>
+</div>
+<div class="row" style="background-color: aliceblue">
+    <div class="large-12 columns">
+        <p><a id="CVE-2023-34468" 
href="#CVE-2023-34468"><strong>CVE-2023-34468</strong></a>: Potential Code 
Injection with Database Services using H2</p>
+        <p>Severity: <strong>Important</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 0.0.2 - 1.21.0</li>
+        </ul>
+        </p>
+        <p>The DBCPConnectionPool and HikariCPConnectionPool Controller 
Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and 
authorized user to configure a Database URL with the H2 driver that enables 
custom code execution.</p>
+        <p>The resolution validates the Database URL and rejects H2 JDBC 
locations.</p>
+        <p>Mitigation: Upgrading to NiFi 1.22.0 disables H2 JDBC URLs in the 
default configuration.</p>
+        <p>Credit: This issue was discovered by Matei "Mal" Badanoiu</p>
+        <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34468"; 
target="_blank">Mitre Database CVE-2023-34468</a></p>
+        <p>
+            NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-11653"; 
target="_blank">NIFI-11653</a>
+        </p>
+        <p>
+            NiFi PR: <a href="https://github.com/apache/nifi/pull/7349"; 
target="_blank">PR 7349</a>
+        </p>
+        <p>Released: 2023-06-12</p>
+    </div>
+</div>
+<div class="small-space"></div>
+<div class="row" style="background-color: aliceblue">
+    <div class="large-12 columns">
+        <p><a id="CVE-2023-34212" 
href="#CVE-2023-34212"><strong>CVE-2023-34212</strong></a>: Potential 
Deserialization of Untrusted Data with JNDI in JMS Components</p>
+        <p>Severity: <strong>Important</strong></p>
+        <p>Versions Affected:</p>
+        <ul>
+            <li>Apache NiFi 1.8.0 - 1.21.0</li>
+        </ul>
+        </p>
+        <p>The JndiJmsConnectionFactoryProvider Controller Service along with 
the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 
allow an authenticated and authorized user to configure URL and library 
properties that enable deserialization of untrusted data from a remote 
location.</p>
+        <p>The resolution validates the JNDI URL and restricts locations to a 
set of allowed schemes.</p>
+        <p>Mitigation: Upgrading to NiFi 1.22.0 disables LDAP for JNDI URLs in 
the default configuration.</p>
+        <p>Credit: This issue was discovered by Veraxy00 of Qianxin TI Center 
and also reported by Matei "Mal" Badanoiu</p>
+        <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34212"; 
target="_blank">Mitre Database CVE-2023-34212</a></p>
+        <p>
+            NiFi Jira: <a 
href="https://issues.apache.org/jira/browse/NIFI-11614"; 
target="_blank">NIFI-11614</a>
+        </p>
+        <p>
+            NiFi PR: <a href="https://github.com/apache/nifi/pull/7313"; 
target="_blank">PR 7313</a>
+        </p>
+        <p>Released: 2023-06-12</p>
+    </div>
+</div>
+<div class="medium-space"></div>
+
 <div class="row">
     <div class="large-12 columns features">
         <h2><a id="1.20.0" href="#1.20.0">Fixed in Apache NiFi 1.20.0</a></h2>
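Review bot: The `</p>` that follows the closing `</ul>` in the CVE-2023-34468 block has no open paragraph to close, because `<p>Versions Affected:</p>` is already closed before the list; HTML parsers turn a stray `</p>` into an empty paragraph, so it should be deleted. The same stray tag follows the version list in the CVE-2023-34212 block. The advisory links added with `target="_blank"` carry no `rel` attribute, and adding `rel="noopener noreferrer"` would make the intent explicit instead of relying on browser defaults. This file appears to be generated site output (the commit is a bot publish), so the fix presumably belongs in the source template rather than in this file.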
@@ -194,6 +255,7 @@
         <h2><a id="1.20.0-vulnerabilities" 
href="#1.20.0-vulnerabilities">Vulnerabilities</a></h2>
     </div>
 </div>
+<div class="medium-space"></div>
 <div class="row" style="background-color: aliceblue">
     <div class="large-12 columns">
         <p><a id="CVE-2023-22832" 
href="#CVE-2023-22832"><strong>CVE-2023-22832</strong></a>: Improper 
Restriction of XML External Entity References in ExtractCCDAAttributes</p>
diff --git a/sitemap.xml b/sitemap.xml
index 2818b45..7b3a27a 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -3,81 +3,81 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml";>
   <url>
     <loc>https://nifi.apache.org/</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/fds.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/developer-guide.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/quickstart.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/docs.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/download.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/faq.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/fds-release-guide.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/licensing-guide.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/mailing_lists.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/download.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/faq.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/getting-started.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     
<loc>https://nifi.apache.org/minifi/minifi-java-agent-quick-start.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/system-admin-guide.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/minifi-toolkit.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/registry.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/registry-security.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/release-guide.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/security.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/people.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/videos.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/gpg.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/powered-by-nifi.html</loc>
-    <lastmod>2023-06-12T08:28:51-05:00</lastmod>
+    <lastmod>2023-06-12T09:20:27-05:00</lastmod>
   </url>
 </urlset>
