[jira] [Created] (NIFI-11339) Update org.springframework_spring-core to 5.3.26 or 6.0.7

Phil Lee (Jira) Thu, 23 Mar 2023 21:40:11 -0700

Phil Lee created NIFI-11339:
-------------------------------

             Summary: Update org.springframework_spring-core to 5.3.26 or 6.0.7
                 Key: NIFI-11339
                 URL: https://issues.apache.org/jira/browse/NIFI-11339
             Project: Apache NiFi
          Issue Type: Improvement
    Affects Versions: 1.20.0
            Reporter: Phil Lee



Update org.springframework_spring-core from 5.3.24 to 5.3.26 or 6.0.7.  This 
will remediate [https://nvd.nist.gov/vuln/detail/CVE-2023-20861] 

Twistlock scan reported this as high severity vulnerability in NiFi Registry 
version 1.20.0.


|Impacted versions: >=5.3.0 and <5.3.26
Discovered: less than an hour ago
Published: 7 hours ago|

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 
5.2.22.RELEASE, and older unsupported versions, it is possible for a user to 
provide a specially crafted SpEL expression that may cause a denial-of-service 
(DoS) condition.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (NIFI-11339) Update org.springframework_spring-core to 5.3.26 or 6.0.7

Reply via email to