This is an automated email from the ASF dual-hosted git repository.
alopresto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-site.git
commit 05ad86063df875c6ddea9ac36a90b4fb78321760
Author: Andy LoPresto <alopre...@apache.org>
AuthorDate: Thu Apr 9 08:52:20 2020 -0700
Updated 1.11.4 security announcement.
---
src/pages/html/security.hbs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index 01108a9..a2f4217 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -59,10 +59,10 @@ title: Apache NiFi Security Reports
<div class="row" style="background-color: aliceblue">
<div class="large-12 columns">
<p><a id="CVE-2020-5398"
href="#CVE-2020-5398"><strong>CVE-2020-5398</strong></a>: Apache NiFi's
spring-data-redis usage</p>
- <p>Severity: <strong>High</strong></p>
+ <p>Severity: <strong>Moderate</strong></p>
<p>Versions Affected:</p>
<ul>
- <li>Apache NiFi 1.8.0 - 1.11.4</li>
+ <li>Apache NiFi 1.8.0 - 1.11.3</li>
</ul>
</p>
<p>Description: The org.springframework.data:spring-data-redis
dependency in the nifi-redis-bundle had a vulnerable transitive dependency. See
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-5398"; target="_blank">NIST
NVD CVE-2020-5398</a> for more information. </p>
