This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main-staging
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
The following commit(s) were added to refs/heads/main-staging by this push:
new 333774c2 NIFI-15845 Corrected recommended version for CVE-2026-44914
333774c2 is described below
commit 333774c2930958893d2ee80f968686cc76d996a9
Author: exceptionfactory <[email protected]>
AuthorDate: Wed Jun 24 09:25:38 2026 -0500
NIFI-15845 Corrected recommended version for CVE-2026-44914
(cherry picked from commit f3e23f8b63e0b491a2ef3386bab912c0ca3c9ffe)
---
content/documentation/security.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/documentation/security.md
b/content/documentation/security.md
index 8055d64b..c65b2e78 100644
--- a/content/documentation/security.md
+++ b/content/documentation/security.md
@@ -113,7 +113,7 @@ additional privileges required, but framework authorization
did not check restri
replace Process Groups. The missing authorization permits a user with general
write access to add components with
Restricted status. Apache NiFi installations that do not implement specific
authorization for Restricted components are
not subject to this vulnerability because the framework enforces write
permissions as the security boundary. Upgrading
-to Apache NiFi 2.9.0 is the recommended mitigation, which removes the
implementation of Restricted status authorization
+to Apache NiFi 2.10.0 is the recommended mitigation, which removes the
implementation of Restricted status authorization
from the framework.
{{</ vulnerability >}}