[ https://issues.apache.org/jira/browse/NIFI-8538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17344596#comment-17344596 ]
ASF subversion and git services commented on NIFI-8538: ------------------------------------------------------- Commit 6776765a928952a68373d633fac1d848ddcc7b50 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6776765 ] NIFI-8538 Upgraded Apache Commons IO to 2.8.0 - Upgraded direct dependencies from 2.6 to 2.8.0 - Added dependency management configuration to use 2.8.0 for some modules - Updated scripted Groovy tests to avoid copying unnecessary files Signed-off-by: Matthew Burgess <mattyb...@apache.org> This closes #5073 > Upgrade Apache Commons IO to 2.8.0 > ---------------------------------- > > Key: NIFI-8538 > URL: https://issues.apache.org/jira/browse/NIFI-8538 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework > Affects Versions: 1.13.2 > Reporter: David Handermann > Assignee: David Handermann > Priority: Minor > Labels: security > Time Spent: 40m > Remaining Estimate: 0h > > Apache Commons IO version 2.6 and below are vulnerable to > [CVE-2021-29425|https://nvd.nist.gov/vuln/detail/CVE-2021-29425]. Although > NiFi does not appear to have any direct calls to > {{FileNameUtils.normalize()}}, numerous libraries leverage Commons IO. > Upgrading to version 2.8.0 addresses this issue and also includes a number of > other minor bug fixes. -- This message was sent by Atlassian Jira (v8.3.4#803005)