[jira] [Commented] (NIFI-10533) Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger

Wed, 21 Sep 2022 10:29:11 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-10533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17607903#comment-17607903
 ] 

Joe Witt commented on NIFI-10533:
---------------------------------

PLease work this through the Ranger project so we're not stuck messing with the 
dependencies of other services.  Thanks

> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger
> -------------------------------------------------------------------------
>
>                 Key: NIFI-10533
>                 URL: https://issues.apache.org/jira/browse/NIFI-10533
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Mike R
>            Priority: Major
>
> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger 
> from version 2.1.1. The move to version 2.8.0 remediates the following CVEs:
> [{*}CVE-2022-23437{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
> [{*}CVE-2022-23302{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [{*}CVE-2022-22971{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
> [{*}CVE-2022-22968{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
> [{*}CVE-2022-22950{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950]
> [{*}CVE-2020-15250{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> [{*}CVE-2019-17571{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
> [{*}CVE-2018-8088{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088]
> [{*}CVE-2018-1275{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1275]
> [{*}CVE-2018-1271{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271]
> [{*}CVE-2018-1257{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1257]
> [{*}CVE-2016-5007{*}{*}{*}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007]
> [*CVE-2012-0881*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to