Micheal, Upgrading Apache Nifi to 1.26.0 or higher is the only solution or do you think we can update the spring framework dependencies? Also which will be effective solution?
Thanks [image005] Deepak Reddy | Data Engineer IT Centers of Excellence 13736 Riverport Dr., Maryland Heights, MO 63043 From: Michael Moser <moser...@gmail.com> Sent: Wednesday, October 2, 2024 12:28 PM To: users@nifi.apache.org Cc: Chirthani, Deepak Reddy <c-deepakreddy.chirth...@charter.com> Subject: [EXTERNAL] Re: cve-2024-22243 CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance. Each Apache NiFi release tends to upgrade several dependencies, so from a security standpoint we always recommend using the latest version. For that specific CVE, however, you will want to use NiFi version 1.26.0 or higher. Regards, -- Mike On Wed, Oct 2, 2024 at 10:19 AM Chirthani, Deepak Reddy <c-deepakreddy.chirth...@charter.com<mailto:c-deepakreddy.chirth...@charter.com>> wrote: Hi, Wanted to know to resolve the cve-2024-22243 on Nifi on-prem clusters with version 1.21.0. Any inputs/advises are appreciated. Thanks The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited. The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
