[ https://issues.apache.org/jira/browse/NIFI-10399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-10399:
------------------------------------
Fix Version/s: 1.18.0
Assignee: Mike R
Status: Patch Available (was: Open)
The vulnerabilities flagged in the Maven Repository link relate to transitive
dependencies on Jackson JSON, which is maintained through the parent Jackson
Bill of Materials dependency. The Guava dependency is a test dependency, not
included at runtime, so although these vulnerabilities have no direct impact on
Apache NiFi, upgrading to the latest version of Jolt provides some additional
feature improvements and maintains compatibility with the current version.
> Upgrade com.bazaarvoice.jolt to 0.1.7
> -------------------------------------
>
> Key: NIFI-10399
> URL: https://issues.apache.org/jira/browse/NIFI-10399
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Mike R
> Assignee: Mike R
> Priority: Major
> Fix For: 1.18.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Upgrade com.bazaarvoice.jolt from 0.1.1 to 0.1.7 to remediate CVEs in
> json-utils and other areas. Looks like there are a lot of CVEs
> https://mvnrepository.com/artifact/com.bazaarvoice.jolt/json-utils/0.1.1