This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/main by this push:
new f3e23f8b NIFI-15845 Corrected recommended version for CVE-2026-44914
f3e23f8b is described below
commit f3e23f8b63e0b491a2ef3386bab912c0ca3c9ffe
Author: exceptionfactory <[email protected]>
AuthorDate: Wed Jun 24 09:25:38 2026 -0500
NIFI-15845 Corrected recommended version for CVE-2026-44914
---
content/documentation/security.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/documentation/security.md
b/content/documentation/security.md
index 8055d64b..c65b2e78 100644
--- a/content/documentation/security.md
+++ b/content/documentation/security.md
@@ -113,7 +113,7 @@ additional privileges required, but framework authorization
did not check restri
replace Process Groups. The missing authorization permits a user with general
write access to add components with
Restricted status. Apache NiFi installations that do not implement specific
authorization for Restricted components are
not subject to this vulnerability because the framework enforces write
permissions as the security boundary. Upgrading
-to Apache NiFi 2.9.0 is the recommended mitigation, which removes the
implementation of Restricted status authorization
+to Apache NiFi 2.10.0 is the recommended mitigation, which removes the
implementation of Restricted status authorization
from the framework.
{{</ vulnerability >}}