[jira] [Commented] (NIFI-10533) Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger

Wed, 21 Sep 2022 10:44:42 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-10533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17607912#comment-17607912
 ] 

Mike R commented on NIFI-10533:
-------------------------------

[~joewitt] Will do and will close this ticket. Thanks. Much appreciated the 
heads up

> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger
> -------------------------------------------------------------------------
>
>                 Key: NIFI-10533
>                 URL: https://issues.apache.org/jira/browse/NIFI-10533
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Mike R
>            Priority: Major
>
> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger 
> from version 2.1.1. The move to version 2.8.0 remediates the following CVEs:
> [*CVE-2022-23437*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
> [*CVE-2022-23302*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [{*}CVE-2022-22971{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
> [{*}CVE-2022-22968{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
> [{*}CVE-2022-22950{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950]
> [{*}CVE-2020-15250{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> [*CVE-2019-17571*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
> [*CVE-2018-8088*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088]
> [*CVE-2018-1275*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1275]
> [*CVE-2018-1271*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271]
> [*CVE-2018-1257*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1257]
> [*CVE-2016-5007*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007]
> [*CVE-2012-0881*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to