[ 
https://issues.apache.org/jira/browse/NIFI-10078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Handermann resolved NIFI-10078.
-------------------------------------
    Resolution: Invalid

There are a large number of dependencies that are marked as vulnerable using 
tools such as the OWASP dependency check plugin. Some of the results are false 
positives, or relate to the server component as opposed to the client library.

Please open specific Jira issues for individual dependencies after performing an initial 
evaluation of where the dependency is referenced.

> Update Several Vulnerable Dependencies
> --------------------------------------
>
>                 Key: NIFI-10078
>                 URL: https://issues.apache.org/jira/browse/NIFI-10078
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.16.1
>            Reporter: Mike R
>            Priority: Major
>
> Sorry if this is a duplicate, but I found a few components that came through 
> a vulnerability scan to see if NiFi can work to get these fixed.
> |Package|Location|Where To Download Fix|
> |HTTP Components|commons-httpclient-3.1.jar|[Apache HttpComponents – HttpComponents Downloads|https://hc.apache.org/downloads.cgi]|
> |esapi|esapi-2.2.0.0.jar|[Maven Central Repository Search|https://search.maven.org/search?q=g:org.owasp.esapi]|
> |esapi|esapi-2.2.0.0.jar|[Maven Central Repository Search|https://search.maven.org/search?q=g:org.owasp.esapi]|
> |Guava|guava-28.0-jre.jar|[Releases · google/guava (github.com)|https://github.com/google/guava/releases]|
> |XML Sec|xmlsec-1.5.8.jar|[Apache Santuario -- download|https://santuario.apache.org/download.html]|
> |ZooKeeper|zookeeper-3.5.9.jar|[Apache Downloads|https://www.apache.org/dyn/closer.lua/zookeeper/zookeeper-3.8.0/apache-zookeeper-3.8.0-bin.tar.gz]|
> |ZooKeeper-Jute|zookeeper-jute-3.5.9.jar|[Apache Downloads|https://www.apache.org/dyn/closer.lua/zookeeper/zookeeper-3.8.0/apache-zookeeper-3.8.0-bin.tar.gz]|



--
This message was sent by Atlassian Jira
(v8.20.7#820007)