[
https://issues.apache.org/jira/browse/NIFI-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598974#comment-17598974
]
David Handermann commented on NIFI-10424:
-----------------------------------------
[~msr1716] As mentioned on other issues, Jackson and other dependencies are
already addressed through shared dependency management. Although upgrading
dependencies is often helpful, linking to a non-applicable vulnerability can be
confusing. Please review vulnerability descriptions carefully when describing
reasons for upgrading.
> Upgrade Spring-integration-core to 5.5.14
> -----------------------------------------
>
> Key: NIFI-10424
> URL: https://issues.apache.org/jira/browse/NIFI-10424
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.17.0
> Reporter: Mike R
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Upgrade Spring-integration-core from 5.5.9 to 5.5.14 to mitigate CVE
> 2020-36518, which has a score of 7.5 or high.
> https://nvd.nist.gov/vuln/detail/CVE-2020-36518
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
