This is an automated email from the ASF dual-hosted git repository. alopresto pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nifi-site.git
commit 05ad86063df875c6ddea9ac36a90b4fb78321760 Author: Andy LoPresto <alopre...@apache.org> AuthorDate: Thu Apr 9 08:52:20 2020 -0700 Updated 1.11.4 security announcement. --- src/pages/html/security.hbs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs index 01108a9..a2f4217 100644 --- a/src/pages/html/security.hbs +++ b/src/pages/html/security.hbs @@ -59,10 +59,10 @@ title: Apache NiFi Security Reports <div class="row" style="background-color: aliceblue"> <div class="large-12 columns"> <p><a id="CVE-2020-5398" href="#CVE-2020-5398"><strong>CVE-2020-5398</strong></a>: Apache NiFi's spring-data-redis usage</p> - <p>Severity: <strong>High</strong></p> + <p>Severity: <strong>Moderate</strong></p> <p>Versions Affected:</p> <ul> - <li>Apache NiFi 1.8.0 - 1.11.4</li> + <li>Apache NiFi 1.8.0 - 1.11.3</li> </ul> </p> <p>Description: The org.springframework.data:spring-data-redis dependency in the nifi-redis-bundle had a vulnerable transitive dependency. See <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-5398" target="_blank">NIST NVD CVE-2020-5398</a> for more information. </p>