[
https://issues.apache.org/jira/browse/NIFI-10533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike R resolved NIFI-10533.
---------------------------
Resolution: Won't Fix
> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger
> -------------------------------------------------------------------------
>
> Key: NIFI-10533
> URL: https://issues.apache.org/jira/browse/NIFI-10533
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Mike R
> Priority: Major
>
> Update org.apache.commons.commons-configuration2 to 2.8.0 For NiFi Ranger
> from version 2.1.1. The move to version 2.8.0 remediates the following CVEs:
> [*CVE-2022-23437*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
> [*CVE-2022-23302*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302]
> [{*}CVE-2022-22971{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971]
> [{*}CVE-2022-22968{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968]
> [{*}CVE-2022-22950{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950]
> [{*}CVE-2020-15250{*}{*}{{*}}|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> [*CVE-2019-17571*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
> [*CVE-2018-8088*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088]
> [*CVE-2018-1275*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1275]
> [*CVE-2018-1271*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271]
> [*CVE-2018-1257*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1257]
> [*CVE-2016-5007*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007]
> [*CVE-2012-0881*|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
