This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
new 57b4d92a3a NIFI-13621 Upgraded JGit to 5.13.3.202401111512 for
CVE-2023-4759
57b4d92a3a is described below
commit 57b4d92a3ae4b9ddccd13815b21f90222cb8d297
Author: Krisztina Zsihovszki <[email protected]>
AuthorDate: Fri Aug 2 15:15:56 2024 +0200
NIFI-13621 Upgraded JGit to 5.13.3.202401111512 for CVE-2023-4759
This closes #9141
Signed-off-by: David Handermann <[email protected]>
---
nifi-dependency-check-maven/suppressions.xml | 2 +-
nifi-registry/pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml
b/nifi-dependency-check-maven/suppressions.xml
index 091eccfcaa..c9fa8c0272 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -285,7 +285,7 @@
<cpe>cpe:/a:avro_project:avro</cpe>
</suppress>
<suppress>
- <notes>CVE-2023-4759 is resolved in 6.7.0 which is already upgraded in
nifi-registry</notes>
+ <notes>CVE-2023-4759 is resolved in v5.13.3.202401111512 which is
already upgraded in nifi-registry</notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/.*$</packageUrl>
<cve>CVE-2023-4759</cve>
</suppress>
diff --git a/nifi-registry/pom.xml b/nifi-registry/pom.xml
index 83aba33759..6de3b03399 100644
--- a/nifi-registry/pom.xml
+++ b/nifi-registry/pom.xml
@@ -42,7 +42,7 @@
<swagger.ui.version>3.12.0</swagger.ui.version>
<groovy.eclipse.compiler.version>3.7.0</groovy.eclipse.compiler.version>
<jaxb.version>2.3.2</jaxb.version>
- <jgit.version>5.13.2.202306221912-r</jgit.version>
+ <jgit.version>5.13.3.202401111512-r</jgit.version>
<!-- JGit 5.13 requires SSHD 2.9.3 or earlier -->
<org.apache.sshd.version>2.9.3</org.apache.sshd.version>
</properties>
