This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 7244b9cfc43dcb73ff1d088ecec7c1cf0b045e28 Author: exceptionfactory <[email protected]> AuthorDate: Sat Jul 23 15:35:48 2022 -0500 NIFI-10271 This closes #6242. Upgraded Xerces from 2.12.1 to 2.12.2 - Suppressed false positive vulnerability report for CVE-2017-10355 Signed-off-by: Joe Witt <[email protected]> --- nifi-dependency-check-maven/suppressions.xml | 5 +++++ nifi-nar-bundles/nifi-hive-bundle/pom.xml | 6 ++++++ .../nifi-media-bundle/nifi-media-processors/pom.xml | 10 ++++++++++ .../nifi-scripting-bundle/nifi-scripting-processors/pom.xml | 2 +- 4 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml
index db3e58a794..20dcabe779 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -129,4 +129,9 @@
 <packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-morphline\-solr\-sink@.*$</packageUrl>
 <cpe>cpe:/a:apache:solr</cpe>
 </suppress>
+ <suppress>
+ <notes>CVE-2017-10355 does not apply to Xerces 2.12.2</notes>
+ <packageUrl regex="true">^pkg:maven/xerces/xercesImpl@.*$</packageUrl>
+ <cve>CVE-2017-10355</cve>
+ </suppress>
 </suppressions>
diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
index 60094dd704..54991ac0a5 100644
--- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml
@@ -97,6 +97,12 @@
 <artifactId>ant</artifactId>
 <version>1.10.12</version>
 </dependency>
+ <!-- Override Xerces 2.9.1 in Hive 1.1 and 1.2 -->
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.12.2</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
index 1fad27fd7d..08e08ac99d 100644
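Review bot: The `packageUrl` regex in the new suppression ends in `@.*$`, so CVE-2017-10355 is silenced for every xercesImpl version, while the `<notes>` text only justifies 2.12.2. If an older Xerces is resolved again through a transitive dependency that the overrides in this commit do not cover (the Hive bundle comment mentions 2.9.1), dependency-check would presumably stay quiet about it. Pinning the pattern to the reviewed version, `<packageUrl regex="true">^pkg:maven/xerces/xercesImpl@2\.12\.2$</packageUrl>`, makes the suppression lapse on the next version change, so the false-positive judgment gets re-checked then.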
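Review bot: The Xerces version `2.12.2` is hard-coded in the new managed dependency here and again in the nifi-media-processors and nifi-scripting-processors hunks, so the next security upgrade has to find and change three separate literals. A single property defined in a common parent, for example `<xerces.version>2.12.2</xerces.version>` (name is illustrative), referenced as `<version>${xerces.version}</version>`, would keep the three modules in step. The enclosing `<dependencyManagement>` block starts above this hunk, so it is not visible here whether such a property already exists.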
--- a/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-media-bundle/nifi-media-processors/pom.xml
@@ -29,6 +29,16 @@
 <tika.version>2.4.1</tika.version>
 </properties>
+ <dependencyManagement>
+ <dependencies>
+ <!-- Override Xerces 2.12.1 from Tika -->
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.12.2</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
 <dependencies>
 <dependency>
 <groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
index 9e2178c4c9..8b2adb0766 100644
--- a/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-scripting-bundle/nifi-scripting-processors/pom.xml
@@ -112,7 +112,7 @@
 <dependency>
 <groupId>xerces</groupId>
 <artifactId>xercesImpl</artifactId>
- <version>2.12.1</version>
+ <version>2.12.2</version>
 </dependency>
 <dependency>
 <groupId>org.apache.nifi</groupId>
