[ https://issues.apache.org/jira/browse/NIFI-13037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard updated NIFI-13037: ---------------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade Spring Framework to 5.3.34 on Support Branch > ---------------------------------------------------- > > Key: NIFI-13037 > URL: https://issues.apache.org/jira/browse/NIFI-13037 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework, MiNiFi, NiFi Registry > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Fix For: 1.26.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Spring Framework dependencies on the support branch should be upgraded to > version > [5.3.34|https://github.com/spring-projects/spring-framework/releases/tag/v5.3.34] > to resolve several flagged vulnerabilities. Spring Security should be > upgraded to 5.8.11 and Jetty should be upgraded to > [9.4.54|https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.54.v20240208] > to resolve CVE-2024-22201 related to HTTP/2 connection closing. -- This message was sent by Atlassian Jira (v8.20.10#820010)