This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 882dbdbe Published changes from
c59e74508e59de76c8723b69ec6f7b536fe684e0
882dbdbe is described below
commit 882dbdbe7f1135cfca2077418e32041fd3738703
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Wed Nov 20 17:29:38 2024 +0000
Published changes from c59e74508e59de76c8723b69ec6f7b536fe684e0
---
development/index.html | 2 +-
documentation/guides/fds-releases/index.html | 2 +-
documentation/guides/index.html | 2 +-
documentation/guides/licensing/index.html | 2 +-
.../guides/maven-plugin-releases/index.html | 2 +-
documentation/guides/releases/index.html | 2 +-
documentation/guides/signing/index.html | 2 +-
documentation/index.html | 2 +-
documentation/security/index.html | 46 +++++++++++++++++++++-
sitemap.xml | 38 +++++++++---------
10 files changed, 72 insertions(+), 28 deletions(-)
diff --git a/development/index.html b/development/index.html
index ac111b73..59859ff2 100644
--- a/development/index.html
+++ b/development/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container iframe-container">
- <h1 id="apache-hahahugoshortcode405s0hbhb-development">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode406s0hbhb-development">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Development</h1>
<h2 id="development-process">Development Process</h2>
<ul>
diff --git a/documentation/guides/fds-releases/index.html
b/documentation/guides/fds-releases/index.html
index d9bac16a..3dadb612 100644
--- a/documentation/guides/fds-releases/index.html
+++ b/documentation/guides/fds-releases/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1
id="apache-hahahugoshortcode409s0hbhb-flow-design-system-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1
id="apache-hahahugoshortcode410s0hbhb-flow-design-system-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Flow Design System Releases</h1>
<p>The purpose of this document is to capture and describe the steps involved
in producing
an official release of Apache NiFi Flow Design System. It is written
specifically to someone acting in the
diff --git a/documentation/guides/index.html b/documentation/guides/index.html
index a2273fad..2aed097b 100644
--- a/documentation/guides/index.html
+++ b/documentation/guides/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container iframe-container">
- <h1 id="apache-hahahugoshortcode408s0hbhb-guides">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode409s0hbhb-guides">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Guides</h1>
<h2 id="development-process">Development Process</h2>
<ul>
diff --git a/documentation/guides/licensing/index.html
b/documentation/guides/licensing/index.html
index 6b7a93fb..facd148f 100644
--- a/documentation/guides/licensing/index.html
+++ b/documentation/guides/licensing/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1 id="apache-hahahugoshortcode416s0hbhb-licensing">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode411s0hbhb-licensing">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Licensing</h1>
<p>This document provides guidance to contributors of Apache NiFi to help
properly account for licensing, notice, and legal requirements.</p>
<h4 id="disclaimer">Disclaimer:</h4>
diff --git a/documentation/guides/maven-plugin-releases/index.html
b/documentation/guides/maven-plugin-releases/index.html
index 8de0a982..383f3db7 100644
--- a/documentation/guides/maven-plugin-releases/index.html
+++ b/documentation/guides/maven-plugin-releases/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1
id="apache-hahahugoshortcode421s0hbhb-nar-maven-plugin-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1
id="apache-hahahugoshortcode412s0hbhb-nar-maven-plugin-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
NAR Maven Plugin Releases</h1>
<p>The purpose of this document is to capture and describe the steps involved
in producing
an official release of Apache NiFi NAR Maven Plugin. It is written
specifically to someone acting in the
diff --git a/documentation/guides/releases/index.html
b/documentation/guides/releases/index.html
index 7c68606b..4b4fa1a0 100644
--- a/documentation/guides/releases/index.html
+++ b/documentation/guides/releases/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1 id="apache-hahahugoshortcode413s0hbhb-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode421s0hbhb-releases">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Releases</h1>
<p>This document describes the steps required to build and release an official
version of the project.</p>
<h2 id="objective">Objective</h2>
diff --git a/documentation/guides/signing/index.html
b/documentation/guides/signing/index.html
index 8040b138..8462eed7 100644
--- a/documentation/guides/signing/index.html
+++ b/documentation/guides/signing/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1
id="apache-hahahugoshortcode412s0hbhb-commit-and-release-signing">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1
id="apache-hahahugoshortcode416s0hbhb-commit-and-release-signing">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Commit and Release Signing</h1>
<p>The purpose of this document is to capture and describe the steps involved
in generating and verifying cryptographic signatures of official releases of
Apache NiFi, as well as configuring cryptographic signatures of individual code
commits. It is written for contributors, committers, and users of Apache NiFi
(and related applications).</p>
<h2 id="a-nametable-of-contentstable-of-contentsa"><a
name="table-of-contents">Table of Contents</a></h2>
diff --git a/documentation/index.html b/documentation/index.html
index 1a596a80..d8f1fd27 100644
--- a/documentation/index.html
+++ b/documentation/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container iframe-container">
- <h1 id="apache-hahahugoshortcode406s0hbhb-documentation">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode405s0hbhb-documentation">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Documentation</h1>
<h2 id="configuration-and-component-properties">Configuration and Component
Properties</h2>
<ul>
diff --git a/documentation/security/index.html
b/documentation/security/index.html
index 4fd678c6..540b0a98 100644
--- a/documentation/security/index.html
+++ b/documentation/security/index.html
@@ -563,7 +563,7 @@
</div>
<main>
<div class="uk-container">
- <h1 id="apache-hahahugoshortcode407s0hbhb-security">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
+ <h1 id="apache-hahahugoshortcode408s0hbhb-security">Apache <span
class="ni">Ni</span><span class="fi">Fi</span>
Security</h1>
<p>Apache NiFi welcomes the responsible reporting of security vulnerabilities.
Project Management Committee members will
collaborate and respond to potential vulnerabilities, providing an assessment
of the concern and a plan of action to
@@ -614,6 +614,50 @@ contrary to best practices, but it does not constitute of
security issue for rem
</ul>
<h1 id="published-vulnerabilities">Published Vulnerabilities</h1>
<p>The following announcements include published vulnerabilities that apply
directly to Apache NiFi components.</p>
+<div class="vulnerability-container">
+ <h3 id="CVE-2024-52067">CVE-2024-52067</h3>
+
+ <ul>
+ <li>Title: Potential Insertion of Sensitive Parameter Values in Debug
Log</li>
+ <li>Published: 2024-11-20</li>
+ <li>Severity: Medium</li>
+ <li>Products: Apache NiFi</li>
+ <li>Affected Versions: 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4</li>
+ <li>Fixed Versions: 1.28.1 and 2.0.0</li>
+ <li>Reporter: David Handermann</li>
+ <li>References
+ <ul>
+ <li>
+ CVE Record: <a
href="https://www.cve.org/CVERecord?id=CVE-2024-52067";
target="_blank">CVE-2024-52067</a>
+ </li>
+ <li>
+ NVD Record: <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-52067";
target="_blank">CVE-2024-52067</a>
+ </li>
+ <li>
+ Apache Jira Issue: <a
href="https://issues.apache.org/jira/browse/NIFI-13971";
target="_blank">NIFI-13971</a>
+ </li>
+
+ <li>
+ GitHub Pull Request: <a
href="https://github.com/apache/nifi/pull/9489"; target="_blank">9489</a>
+ </li>
+
+ </ul>
+ </li>
+ </ul>
+
+ <p class="vulnerability-description">
+
+
+Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include
optional debug logging of Parameter Context values
+during the flow synchronization process. An authorized administrator with
access to change logging levels could enable debug logging
+for framework flow synchronization, causing the application to write Parameter
names and values to the application log.
+Parameter Context values may contain sensitive information depending on
application flow configuration.
+Deployments of Apache NiFi with the default Logback configuration do not log
Parameter Context values.
+Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation,
eliminating Parameter value logging from the flow synchronization process
regardless of the Logback configuration.
+
+
+ </p>
+</div>
<div class="vulnerability-container">
<h3 id="CVE-2024-45477">CVE-2024-45477</h3>
diff --git a/sitemap.xml b/sitemap.xml
index 9f6320c9..9510ecbf 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -9,7 +9,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.aws.schemaregistry.AmazonGlueSchemaRegistry/</loc>
</url><url>
<loc>https://nifi.apache.org/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.apicurio.schemaregistry.ApicurioSchemaRegistry/</loc>
</url><url>
@@ -54,10 +54,10 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.cef.CEFReader/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/signing/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/community/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/</loc>
</url><url>
@@ -98,7 +98,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.windows.event.log.ConsumeWindowsEventLog/</loc>
</url><url>
<loc>https://nifi.apache.org/community/contact/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.controller.ControllerStatusReportingTask/</loc>
</url><url>
@@ -167,7 +167,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.DetectDuplicate/</loc>
</url><url>
<loc>https://nifi.apache.org/development/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.flowanalysis.rules.DisallowComponentType/</loc>
</url><url>
@@ -176,13 +176,13 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.DistributeLoad/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/documentation/v1/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/download/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.DuplicateFlowFile/</loc>
</url><url>
@@ -273,10 +273,10 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.FlattenJson/</loc>
</url><url>
<loc>https://nifi.apache.org/projects/fds/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/fds-releases/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.ForkEnrichment/</loc>
</url><url>
@@ -355,7 +355,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.grok.GrokReader/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.HandleHttpRequest/</loc>
</url><url>
@@ -416,7 +416,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.parameter.KubernetesSecretParameterProvider/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/licensing/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.azure.storage.ListAzureBlobStorage_v12/</loc>
</url><url>
@@ -481,7 +481,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.MergeRecord/</loc>
</url><url>
<loc>https://nifi.apache.org/projects/minifi/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.ModifyBytes/</loc>
</url><url>
@@ -500,7 +500,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.azure.storage.MoveAzureDataLakeStorage/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/maven-plugin-releases/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.Notify/</loc>
</url><url>
@@ -521,10 +521,10 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.PartitionRecord/</loc>
</url><url>
<loc>https://nifi.apache.org/community/powered-by/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/projects/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.lookup.PropertiesFileLookupService/</loc>
</url><url>
@@ -655,10 +655,10 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.redis.service.RedisDistributedMapCacheClientService/</loc>
</url><url>
<loc>https://nifi.apache.org/projects/registry/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/documentation/guides/releases/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.RemoveRecordField/</loc>
</url><url>
@@ -711,7 +711,7 @@
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.elasticsearch.SearchElasticsearch/</loc>
</url><url>
<loc>https://nifi.apache.org/documentation/security/</loc>
- <lastmod>2024-11-19T19:45:05-06:00</lastmod>
+ <lastmod>2024-11-20T11:27:46-06:00</lastmod>
</url><url>
<loc>https://nifi.apache.org/components/org.apache.nifi.processors.standard.SegmentContent/</loc>
</url><url>
