[
https://issues.apache.org/jira/browse/NIFI-12879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17824896#comment-17824896
]
ASF subversion and git services commented on NIFI-12879:
--------------------------------------------------------
Commit 691870806dfe273a584eef5f86f5aa0182e1700d in nifi's branch
refs/heads/support/nifi-1.x from dependabot[bot]
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=691870806d ]
NIFI-12879 Upgraded Clojure from 1.11.1 to 1.11.2
This closes #8487
Signed-off-by: David Handermann <[email protected]>
(cherry picked from commit 63cc0520dca09acee2dc8f1abb1e2c48c8f4e3e4)
> Upgrade Clojure to 1.11.2
> -------------------------
>
> Key: NIFI-12879
> URL: https://issues.apache.org/jira/browse/NIFI-12879
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0, 1.26.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The Clojure library for the Scripting extensions bundle should be upgraded to
> [1.11.2|https://clojure.org/releases/downloads#_stable_release_1_11_2_mar_8_2024]
> to mitigate CVE-2024-22871, which relates to using Java Object serialization
> to read crafted inputs.
> Clojure is an optional scripting library and the Scripting extensions do not
> perform Java Object serialization directly. For this reason, deployments of
> NiFi that do not use custom Scripting components based on Clojure are not
> directly exposed to this vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
