[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17518301#comment-17518301 ]

Joe Witt commented on NIFI-9785:

[~Jlleitschuh] Thanks for reporting your finding. The process we follow is here https://nifi.apache.org/security.html and stems from https://www.apache.org/security/committers.html

We will try to do step 12 better in the future but otherwise the process has been handled properly.

> Improve Login Credentials Writer File Handling
> ----------------------------------------------
>
> Key: NIFI-9785
> URL: https://issues.apache.org/jira/browse/NIFI-9785
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The {{StandardLoginCredentialsWriter}} reads an existing
> {{login-identity-providers.xml}} file and writes updated single user
> credentials. The implementation should be improved to streamline input and
> output file handling.

--
This message was sent by Atlassian Jira (v8.20.1#820001)

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17518294#comment-17518294 ]

Jonathan Leitschuh commented on NIFI-9785:

Hi Nathan,

In the future, to avoid issues like this, please follow the ASF vulnerability disclosure process: [https://www.apache.org/security/committers.html#resolve]

In particular, please ensure that the disclosure gets run by the disclosing researcher before it is published.

Cheers,
Jonathan Leitschuh

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17518290#comment-17518290 ]

Jonathan Leitschuh commented on NIFI-9785:

Hi Nathan,

Much appreciated! Would you be so kind as to include a link to my disclosure in both the MITRE CVE and on your own security page?

Cheers,
Jonathan Leitschuh

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17518281#comment-17518281 ]

Nathan Gough commented on NIFI-9785:

Hi Jonathan, the allocated CVE number is CVE-2022-26850. I am currently filing the public report through Apache to be reported to Mitre etc. The information was published on our security page here yesterday: [https://nifi.apache.org/security.html#CVE-2022-26850]. The official publication should come through shortly to the various CVE tracker tools.

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17518260#comment-17518260 ]

Jonathan Leitschuh commented on NIFI-9785:

The vulnerability that this issue fixed has now been disclosed here: [https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-rvp4-r3g6-8hxq]

No CVE has been assigned at this time. This vulnerability is now public without a CVE.

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17504432#comment-17504432 ]

ASF subversion and git services commented on NIFI-9785:

Commit 859d5fe8cfe05ad24600b021f0ebf15753a8105c in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=859d5fe ]

NIFI-9785 Improved Login Credentials Writer File Handling

Signed-off-by: Nathan Gough

This closes #5856.

[jira] [Commented] (NIFI-9785) Improve Login Credentials Writer File Handling
[ https://issues.apache.org/jira/browse/NIFI-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17504384#comment-17504384 ]

Joe Witt commented on NIFI-9785:

intend to start RC once this lands

> Improve Login Credentials Writer File Handling
> ----------------------------------------------
>
> Key: NIFI-9785
> URL: https://issues.apache.org/jira/browse/NIFI-9785
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{StandardLoginCredentialsWriter}} reads an existing
> {{login-identity-providers.xml}} file and writes updated single user
> credentials. The implementation should be improved to streamline input and
> output file handling.