[jira] [Updated] (NIFI-9504) Upgrade Logback to 1.2.9

Chris Sampson (Jira) Sun, 19 Dec 2021 10:21:38 -0800


     [ 
https://issues.apache.org/jira/browse/NIFI-9504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Chris Sampson updated NIFI-9504:
--------------------------------
    Fix Version/s: 1.16.0
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Upgrade Logback to 1.2.9
> ------------------------
>
>                 Key: NIFI-9504
>                 URL: https://issues.apache.org/jira/browse/NIFI-9504
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
>    Affects Versions: 1.15.0, 1.15.1
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>             Fix For: 1.16.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> [Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent 
> potential code execution in non-standard configurations as described in 
> [CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].
> The default NiFi configuration for Logback does not use these vulnerable 
> features, but upgrading to the latest version avoids potential issues.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (NIFI-9504) Upgrade Logback to 1.2.9

Reply via email to