The Apache NiFi Team is pleased to announce the release of Apache NiFi 1.23.2.
Apache NiFi is an easy to use, powerful, and reliable system to
process and distribute data.
https://nifi.apache.org
The release artifacts can be downloaded from the project website.
Severity: moderate
Affected versions:
- Apache NiFi 1.21.0 through 1.23.0
Description:
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several
Processors and Controller Services with connection URL validation that does not
provide sufficient protection against crafted
The Apache NiFi team is pleased to announce the release of Apache NiFi 1.23.1.
Apache NiFi is an easy to use, powerful, and reliable system to
process and distribute
data. Apache NiFi was made for dataflow. It supports highly
configurable directed graphs
of data routing, transformation, and
Processor Property in EvaluateXPath and
EvaluateXQuery mitigates the vulnerability for those Processors. No mitigation
is available for the ValidateXml Processor or the Standard Content Viewer.
Credit:
David Handermann at exceptionfactory.com reported this issue.
References:
https
Severity: moderate
Description:
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does
not restrict XML External Entity references.
Flow configurations that include the ExtractCCDAAttributes Processor are
vulnerable to malicious XML documents that contain Document Type
Severity: important
Affected versions:
- Apache NiFi 0.0.2 through 1.21.0
Description:
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache
NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to
configure a Database URL with the H2 driver that
Severity: important
Affected versions:
- Apache NiFi 1.8.0 through 1.21.0
Description:
The JndiJmsConnectionFactoryProvider Controller Service, along with the
ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow
an authenticated and authorized user to configure URL
Severity: moderate
Affected versions:
- Apache NiFi 0.0.2 through 1.22.0
Description:
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services
that support HTTP URL references for retrieving drivers, which allows an
authenticated and authorized user to configure a location
Affected versions:
- Apache NiFi 0.7.0 through 1.23.2
Description:
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which
provides an advanced configuration user interface that is vulnerable to
DOM-based cross-site scripting. If an authenticated user, who is
The Apache NiFi Team is pleased to announce the release of Apache NiFi 2.0.0-M1.
Version 2.0.0-M1 is the initial milestone release version of Apache NiFi 2.0.0.
Apache NiFi is an easy to use, powerful, and reliable system to
process and distribute
data.
https://nifi.apache.org
The release
The Apache NiFi Team is pleased to announce the release of Apache NiFi 2.0.0-M2.
Apache NiFi is an easy to use, powerful, and reliable system to
process and distribute data.
https://nifi.apache.org
The release artifacts can be downloaded from the project website.
The Apache NiFi Team is pleased to announce the release of Apache NiFi 2.0.0-M3.
Apache NiFi is an easy to use, powerful, and reliable system to
process and distribute data.
https://nifi.apache.org
The release artifacts can be downloaded from the project website.
12 matches
Mail list logo