David Handermann created NIFI-11328:
---------------------------------------
Summary: Upgrade Jettison to 1.5.4
Key: NIFI-11328
URL: https://issues.apache.org/jira/browse/NIFI-11328
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions
Reporter: David Handermann
Assignee: David Handermann
Multiple framework and extension components use Jettison for JSON processing.
[Jettison
1.5.4|https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4]
resolves a potential Denial-of-Service issue with infinite recursion when
processing a malformed JSON array, as described in
[CVE-2023-1436|https://www.cve.org/CVERecord?id=CVE-2023-1436].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
