[
https://issues.apache.org/jira/browse/NIFI-9504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462252#comment-17462252
]
ASF subversion and git services commented on NIFI-9504:
-------------------------------------------------------
Commit bda48b3f87ad11ffcee54cd465ae6384c26fa3f1 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=bda48b3 ]
NIFI-9504 Upgraded Logback from 1.2.8 to 1.2.9
NIFI-9505 Upgraded Log4j 2 from 2.16.0 to 2.17.0
Signed-off-by: Chris Sampson <[email protected]>
This closes #5615
> Upgrade Logback to 1.2.9
> ------------------------
>
> Key: NIFI-9504
> URL: https://issues.apache.org/jira/browse/NIFI-9504
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
> Affects Versions: 1.15.0, 1.15.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> [Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent
> potential code execution in non-standard configurations as described in
> [CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].
> The default NiFi configuration for Logback does not use these vulnerable
> features, but upgrading to the latest version avoids potential issues.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
