This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/nifi-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 5ec4c63  Published changes from 
9c3d7df3268c9dc013da07c5f30909ab536018ba
5ec4c63 is described below

commit 5ec4c6377b1848937e876898952abef4c31be4df
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Sat Jul 29 02:23:22 2023 +0000

    Published changes from 9c3d7df3268c9dc013da07c5f30909ab536018ba
---
 security.html | 41 +++++++++++++++++++++++++++++++++++++++++
 sitemap.xml   | 54 +++++++++++++++++++++++++++---------------------------
 2 files changed, 68 insertions(+), 27 deletions(-)

diff --git a/security.html b/security.html
index 16217ff..0ce9e43 100644
--- a/security.html
+++ b/security.html
@@ -185,6 +185,47 @@
 </div>
 <div class="medium-space"></div>
 
+<div class="row">
+  <div class="large-12 columns features">
+    <h2><a id="1.23.0" href="#1.23.0">Fixed in Apache NiFi 1.23.0</a></h2>
+  </div>
+</div>
+<!-- Vulnerabilities -->
+<div class="row">
+  <div class="large-12 columns features">
+    <h2><a id="1.23.0-vulnerabilities" 
href="#1.23.0-vulnerabilities">Vulnerabilities</a></h2>
+  </div>
+</div>
+<div class="row" style="background-color: aliceblue">
+  <div class="large-12 columns">
+    <p><a id="CVE-2023-36542" 
href="#CVE-2023-36542"><strong>CVE-2023-36542</strong></a>: Potential Code 
Injection with Properties Referencing Remote Resources</p>
+    <p>Severity: <strong>Moderate</strong></p>
+    <p>Versions Affected:</p>
+    <ul>
+      <li>Apache NiFi 0.0.2 - 1.22.0</li>
+    </ul>
+    </p>
+    <p>
+      Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller 
Services that support HTTP URL references for
+      retrieving drivers, which allows an authenticated and authorized user to 
configure a location that enables custom
+      code execution. The resolution introduces a new Required Permission for 
referencing remote resources, restricting
+      configuration of these components to privileged users. The permission 
prevents unprivileged users from configuring
+      Processors and Controller Services annotated with the new Reference 
Remote Resources restriction. Upgrading to
+      Apache NiFi 1.23.0 is the recommended mitigation.
+    </p>
+    <p>Credit: This issue was discovered by nbxiglk</p>
+    <p>CVE Link: <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36542"; 
target="_blank">Mitre Database CVE-2023-36542</a></p>
+    <p>
+      NiFi Jira: <a href="https://issues.apache.org/jira/browse/NIFI-11744"; 
target="_blank">NIFI-11744</a>
+    </p>
+    <p>
+      NiFi PR: <a href="https://github.com/apache/nifi/pull/7426"; 
target="_blank">PR 7426</a>
+    </p>
+    <p>Released: 2023-07-28</p>
+  </div>
+</div>
+<div class="medium-space"></div>
+
 <div class="row">
     <div class="large-12 columns features">
         <h2><a id="1.22.0" href="#1.22.0">Fixed in Apache NiFi 1.22.0</a></h2>
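Review bot: The CVE-2023-36542 description ends at "Upgrading to Apache NiFi 1.23.0 is the recommended mitigation", but the fix as described restricts the capability to privileged users rather than removing it. The entry should therefore tell operators to check who holds the new permission after upgrading, for example `<p>After upgrading, review which users and groups are granted the new permission for referencing remote resources.</p>` after the description paragraph. Separately, the `</p>` that follows `</ul>` in the Versions Affected block has no open paragraph to close, since `<p>Versions Affected:</p>` is already closed, and should be dropped. The three `target="_blank"` links carry no `rel` attribute; `rel="noopener noreferrer"` would make the intent explicit. This file appears to be published output, so the changes presumably belong in the site source rather than in this commit.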
diff --git a/sitemap.xml b/sitemap.xml
index 0929601..101fff4 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -3,84 +3,84 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml";>
   <url>
     <loc>https://nifi.apache.org/</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/fds.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/developer-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/quickstart.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/docs.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/download.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/faq.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/fds-release-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/licensing-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/mailing_lists.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/download.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/faq.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/getting-started.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     
<loc>https://nifi.apache.org/minifi/minifi-java-agent-quick-start.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/system-admin-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi/minifi-toolkit.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/nifi-maven-release-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/registry.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/registry-security.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/release-guide.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/security.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/people.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/videos.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/gpg.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/minifi.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url><url>
     <loc>https://nifi.apache.org/powered-by-nifi.html</loc>
-    <lastmod>2023-07-28T17:46:23-05:00</lastmod>
+    <lastmod>2023-07-28T21:22:10-05:00</lastmod>
   </url>
 </urlset>
