[ https://issues.apache.org/jira/browse/NIFI-12440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17791701#comment-17791701 ]
David Handermann commented on NIFI-12440:
-----------------------------------------
The listed vulnerabilities apply to PostgreSQL, not to HikariCP. With that
being said, upgrading HikariCP to the latest version is still worth
implementing.
> Update HikariCP to 5.1.0
> ------------------------
>
> Key: NIFI-12440
> URL: https://issues.apache.org/jira/browse/NIFI-12440
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Mike R
> Assignee: Mike R
> Priority: Major
>
> Upgrading HikariCP to 5.1.0 from 5.0.1 resolves CVE:
> [CVE-2022-41946|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946]
> [CVE-2022-31197|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197]
> [CVE-2022-26520|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520]
> [CVE-2022-21724|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724]
> [CVE-2020-25638|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638]