David Handermann created NIFI-9504:
--------------------------------------
Summary: Upgrade Logback to 1.2.9
Key: NIFI-9504
URL: https://issues.apache.org/jira/browse/NIFI-9504
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
Affects Versions: 1.15.1, 1.15.0
Reporter: David Handermann
Assignee: David Handermann
[Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent
potential code execution in non-standard configurations as described in
[CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].
The default NiFi configuration for Logback does not use these vulnerable
features, but upgrading to the latest version avoids potential issues.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
