Paul Grey created NIFI-12327:
--------------------------------
Summary: NiFi 1.x line, Upgrade activemq-client to compatible
version
Key: NIFI-12327
URL: https://issues.apache.org/jira/browse/NIFI-12327
Project: Apache NiFi
Issue Type: Improvement
Reporter: Paul Grey
Assignee: Paul Grey
Vulnerability scanners might be expected to start flagging NiFi 1.x for its
usage of ActiveMQ 5.15.15, due to association with CVE-2023-46604.
The NiFi processor usage is not expected to be vulnerable, as the usage is
client-only. Even so, as the ActiveMQ 5.15 line was updated [1], it might make
sense to do the point version update, in order to mitigate any perceived risk.
[1]
https://repo.maven.apache.org/maven2/org/apache/activemq/activemq-client/5.15.16/
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
