[ https://issues.apache.org/jira/browse/NIFI-5957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-5957.
------------------------------------
Resolution: Invalid

NIFI-5541 added a Maven build profile to generate a dependency status report
for potential vulnerabilities. Numerous dependencies have been updated since
the time this issue was submitted, and future dependency update issues need to
be more narrowly scoped in order for the issue to be addressed properly.

> 74 high severity CVEs in nifi 1.8.0 - third party dependency libraries
> ----------------------------------------------------------------------
>
> Key: NIFI-5957
> URL: https://issues.apache.org/jira/browse/NIFI-5957
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Security
> Affects Versions: 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1
> Environment: Inserted OWASP Dependency Check plugin into nifi pom.xml
> & ran report
> Reporter: Albert Baker
> Priority: Major
> Labels: security
>
> There are 74 High severity CVEs in nifi 1.8.0 according to OWASP Dependency
> check.
> There is a possibility of a few false positives with this report, /but/ there
> is the commons-collections:commons-collections:3.2.1 issue, for which there
> has been proof-of-concept exploit code out for three years. These dependencies
> need to be cleaned up.