Hi, A recent security scan flagged the spring-web-5.3.39.jar version used in NiFi 1.28.1 as vulnerable to CVE-2016-1000027. However, upon inspection, I found that the vulnerable classes are already deprecated in this version. Based on how the library is implemented within the product, this issue may or may not be exploitable.
Could someone please confirm whether NiFi 1.28.1 is actually affected by this vulnerability? Thanks & Regards Rahul
