[
https://issues.apache.org/jira/browse/NIFI-13037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-13037:
------------------------------------
Description: Spring Framework dependencies on the support branch should be
upgraded to version
[5.3.34|https://github.com/spring-projects/spring-framework/releases/tag/v5.3.34]
to resolve several flagged vulnerabilities. Spring Security should be upgraded
to 5.8.11 and Jetty should be upgraded to
[9.4.54|https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.54.v20240208]
to resolve CVE-2024-22201 related to HTTP/2 connection closing. (was: Spring
Framework dependencies on the support branch should be upgraded to version
[5.3.34|https://github.com/spring-projects/spring-framework/releases/tag/v5.3.34]
to resolve several flagged vulnerabilities. Spring Security should be upgraded
to 5.8.11 and Jetty should be upgraded to
[9.5.54|https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.54.v20240208]
to resolve CVE-2024-22201 related to HTTP/2 connection closing.)
> Upgrade Spring Framework to 5.3.34 on Support Branch
> ----------------------------------------------------
>
> Key: NIFI-13037
> URL: https://issues.apache.org/jira/browse/NIFI-13037
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, MiNiFi, NiFi Registry
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.26.0
>
>
> Spring Framework dependencies on the support branch should be upgraded to
> version
> [5.3.34|https://github.com/spring-projects/spring-framework/releases/tag/v5.3.34]
> to resolve several flagged vulnerabilities. Spring Security should be
> upgraded to 5.8.11 and Jetty should be upgraded to
> [9.4.54|https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.54.v20240208]
> to resolve CVE-2024-22201 related to HTTP/2 connection closing.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
