[
https://issues.apache.org/jira/browse/NIFI-13933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-13933:
----------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Upgrade Spring Security to 6.3.4 and Address Dependency Check Findings
> ----------------------------------------------------------------------
>
> Key: NIFI-13933
> URL: https://issues.apache.org/jira/browse/NIFI-13933
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Spring Security dependencies should be upgraded to 6.3.4 to address findings
> for CVE-2024-38821. This vulnerability applies to WebFlux libraries that NiFi
> does not use.
> In addition, recent Dependency Check Plugin reports include a number of false
> positives related to Azure Identity libraries. False positives should be
> suppressed and other impacted dependencies should be upgraded.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
