Hi,

As part of the upgrade from nifi-1.13.2 to nifi-1.14.0 we performed scans on nifi 1.14.0, and as a result there are a few critical and high vulnerabilities.

Critical vulnerabilities

| Vulnerability Id | Severity | Path | Fix available | Link |
|---|---|---|---|---|
| CVE-2017-7657 | Critical | /opt/nifi/lib/jetty-schemas-3.1.jar | None | https://nvd.nist.gov/vuln/detail/CVE-2017-7657 |
| CVE-2017-7658 | Critical | /opt/nifi/lib/jetty-schemas-3.1.jar | None | https://nvd.nist.gov/vuln/detail/CVE-2017-7658 |
| CVE-2019-12415 | Critical | /opt/nifi/lib/nifi-nar-utils-1.14.0.jar | None | https://anchore.int.net.nokia.com:443/v1/query/vulnerabilities?id=VULNDB-216029 |

High vulnerabilities

| Vulnerability Id | Severity | Path | Fix available | Link |
|---|---|---|---|---|
| CVE-2017-7656 | High | /opt/nifi/lib/jetty-schemas-3.1.jar | None | https://nvd.nist.gov/vuln/detail/CVE-2009-5045 |
| CVE-2017-9735 | High | /opt/nifi/lib/jetty-schemas-3.1.jar | None | https://nvd.nist.gov/vuln/detail/CVE-2017-9735 |
| CVE-2020-27216 | High | /opt/nifi/lib/jetty-schemas-3.1.jar | None | https://nvd.nist.gov/vuln/detail/CVE-2020-27216 |
| VULNDB-256815 | High | /opt/nifi-toolkit/lib/commons-compress-1.20.jar | None | https://repo1.dso.mil/dsop/opensource/apache/nifi/-/issues/13 |
| VULNDB-257084 | High | /opt/nifi-toolkit/lib/commons-compress-1.20.jar | None | https://repo1.dso.mil/dsop/opensource/apache/nifi/-/issues/13 |

One or two vulnerabilities are fixed in 1.15, for example CVE-2020-17521: https://issues.apache.org/jira/browse/NIFI-8990.

Could you please help us with the impact and fix version, or the possibility of fixing in 1.14 itself?

Thanks & Regards,
Ganesh.B
