[ https://issues.apache.org/jira/browse/NIFI-12327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Grey resolved NIFI-12327. ------------------------------ Resolution: Duplicate > NiFi 1.x line, Upgrade activemq-client to compatible version > ------------------------------------------------------------ > > Key: NIFI-12327 > URL: https://issues.apache.org/jira/browse/NIFI-12327 > Project: Apache NiFi > Issue Type: Improvement > Reporter: Paul Grey > Assignee: Paul Grey > Priority: Minor > > Vulnerability scanners might be expected to start flagging NiFi 1.x for its > usage of ActiveMQ 5.15.15, due to association with CVE-2023-46604. > The NiFi processor usage is not expected to be vulnerable, as the usage is > client-only. Even so, as the ActiveMQ 5.15 line was updated [1], it might > make sense to do the point version update, in order to mitigate any perceived > risk. > [1] > https://repo.maven.apache.org/maven2/org/apache/activemq/activemq-client/5.15.16/ -- This message was sent by Atlassian Jira (v8.20.10#820010)