[
https://issues.apache.org/jira/browse/NIFI-11829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-11829:
------------------------------------
Status: Patch Available (was: Open)
> Upgrade Spring Framework to 5.3.29 and Spring Security to 5.8.5
> ---------------------------------------------------------------
>
> Key: NIFI-11829
> URL: https://issues.apache.org/jira/browse/NIFI-11829
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0, 1.23.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Spring Framework libraries should be upgraded to 5.3.29 and Spring Security
> libraries should be upgraded to 5.8.5.
> Spring Security 5.8.5 resolves CVE-2023-34034 and CVE-34035 related to
> potential security filter bypass in specialized configurations. Apache NiFi
> does not use Spring Security with WebFlux and does not use requestMatchers
> methods for protecting alternative application endpoints.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
