Hi, I looked on the Apache Nifi site and linked sites to find information on how CVE-2022-42889 impacts Apache Nifi.
I found an issue report and merge request which indicates the library Apache Commons Text has been upgraded to the patched version (1.10) and it will be part of v1.19.0 I could however not find when this version will be released. Could that be checked somewhere? Second question is if Nifi is impacted by this vulnerability because it could be that the usage of this library in Apache Nifi does not allow it to exploit this vulnerability. Thank you very much for any feedback and thank you to the open source community for having made Apache Nifi and maintaining/improving this product. /Tom
