[
https://issues.apache.org/jira/browse/NIFI-9504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462753#comment-17462753
]
ASF subversion and git services commented on NIFI-9504:
-------------------------------------------------------
Commit abc45ac67f5dbc49eb0c7567a493c90ee350055c in nifi's branch
refs/heads/support/nifi-1.15 from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=abc45ac ]
NIFI-9504 Upgraded Logback from 1.2.8 to 1.2.9
NIFI-9505 Upgraded Log4j 2 from 2.16.0 to 2.17.0
Signed-off-by: Chris Sampson <[email protected]>
This closes #5615
> Upgrade Logback to 1.2.9
> ------------------------
>
> Key: NIFI-9504
> URL: https://issues.apache.org/jira/browse/NIFI-9504
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, MiNiFi, NiFi Registry, NiFi Stateless
> Affects Versions: 1.15.0, 1.15.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> [Logback|https://logback.qos.ch/news.html] 1.2.9 includes updates to prevent
> potential code execution in non-standard configurations as described in
> [CVE-2021-42550|https://www.cve.org/CVERecord?id=CVE-2021-42550].
> The default NiFi configuration for Logback does not use these vulnerable
> features, but upgrading to the latest version avoids potential issues.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
