[jira] [Commented] (NIFI-10082) Update Java Protobuf To Most Recent Version

Mike R (Jira) Tue, 14 Jun 2022 06:42:05 -0700


    [ 
https://issues.apache.org/jira/browse/NIFI-10082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17554104#comment-17554104
 ]


Mike R commented on NIFI-10082:
-------------------------------

Github Pull For fix of issue: 
[https://github.com/apache/nifi/pull/6123|https://github.com/apache/nifi/pull/6123]

> Update Java Protobuf To Most Recent Version
> -------------------------------------------
>
>                 Key: NIFI-10082
>                 URL: https://issues.apache.org/jira/browse/NIFI-10082
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.16.1, 1.16.2
>            Reporter: Mike R
>            Priority: Major
>
> It looks like Java Protobuf that is used is vulnerable per 
> [https://github.com/advisories/GHSA-wrvw-hg22-4m67,] which is 
> [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]
>  *High* - CVSS Score: 7. 
> A fix can be found here, but still needs to be compiled [Release Protocol 
> Buffers v3.19.2 · protocolbuffers/protobuf (github.com)|[Release Protocol 
> Buffers v3.19.2 · protocolbuffers/protobuf 
> (github.com)|https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.2]]
> There is an update available, it just needs to be incorporated
>  
> |package|package_path|package_type|package_version|fix|
> |protobuf-java-3.19.1|/nifi/lib/properties/protobuf-java-3.19.1.jar|java|3.19.1|3.19.2|
> |protobuf-java-3.19.1|/nifi-toolkit-current/lib/protobuf-java-3.19.1.jar|java|3.19.1|3.19.2|



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Commented] (NIFI-10082) Update Java Protobuf To Most Recent Version

Reply via email to