pvillard pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
new 2468bb5963 NIFI-11355 Upgraded Couchbase Client from 2.5.8 to 2.7.23
2468bb5963 is described below
commit 2468bb5963438d538eb8f851e37f58198562ff23
Author: exceptionfactory <[email protected]>
AuthorDate: Tue Mar 28 12:35:18 2023 -0500
NIFI-11355 Upgraded Couchbase Client from 2.5.8 to 2.7.23
- Suppressed vulnerability findings related to Couchbase Server
Signed-off-by: Pierre Villard <[email protected]>
This closes #7094.
---
nifi-dependency-check-maven/suppressions.xml | 10 ++++++++++
.../nifi-couchbase-services-api/pom.xml | 1 -
nifi-nar-bundles/nifi-couchbase-bundle/pom.xml | 14 ++++++++++++++
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml
b/nifi-dependency-check-maven/suppressions.xml
index 23b617c89a..8f6902070f 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -224,4 +224,14 @@
<packageUrl
regex="true">^pkg:maven/com\.google\.api\.grpc/grpc\-google\-cloud\-pubsublite\-v1@.*$</packageUrl>
<cpe>cpe:/a:grpc:grpc</cpe>
</suppress>
+ <suppress>
+ <notes>CVE-2020-9040 applies to Couchbase Server not the client
library</notes>
+ <packageUrl
regex="true">^pkg:maven/com\.couchbase\.client/core\-io@.*$</packageUrl>
+ <vulnerabilityName>CVE-2020-9040</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes>CVE-2022-41881 applies to HA Proxy components in Netty which
are not used in Couchbase or other components</notes>
+ <packageUrl regex="true">^pkg:maven/io\.netty/.*$</packageUrl>
+ <cve>CVE-2022-41881</cve>
+ </suppress>
</suppressions>
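Review bot: The second suppression matches every `io.netty` artifact at every version (`^pkg:maven/io\.netty/.*$`), so it would also hide CVE-2022-41881 on the HAProxy codec module itself if that module ever enters the build transitively. Excluding that artifact keeps the false-positive relief while leaving a real finding visible, e.g. `<packageUrl regex="true">^pkg:maven/io\.netty/(?!netty\-codec\-haproxy@).*$</packageUrl>`. The CVE-2020-9040 entry has a similar breadth problem, since `core\-io@.*$` covers all versions, including any older client that might be reintroduced. As far as I recall the advisory text, that CVE concerns TLS hostname verification in the Java SDK rather than the server, so the rationale in `<notes>` is worth confirming against the NVD entry. If the upgrade is what actually justifies the suppression, the pattern should be bounded to the upgraded version line and the note reworded to say so.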
diff --git
a/nifi-nar-bundles/nifi-couchbase-bundle/nifi-couchbase-services-api/pom.xml
b/nifi-nar-bundles/nifi-couchbase-bundle/nifi-couchbase-services-api/pom.xml
index ab844b1672..d20484d9a8 100644
--- a/nifi-nar-bundles/nifi-couchbase-bundle/nifi-couchbase-services-api/pom.xml
+++ b/nifi-nar-bundles/nifi-couchbase-bundle/nifi-couchbase-services-api/pom.xml
@@ -33,7 +33,6 @@
<dependency>
<groupId>com.couchbase.client</groupId>
<artifactId>java-client</artifactId>
- <version>2.5.8</version>
</dependency>
</dependencies>
</project>
diff --git a/nifi-nar-bundles/nifi-couchbase-bundle/pom.xml
b/nifi-nar-bundles/nifi-couchbase-bundle/pom.xml
index 5c8e1ce848..72dc8afd1c 100644
--- a/nifi-nar-bundles/nifi-couchbase-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-couchbase-bundle/pom.xml
@@ -31,4 +31,18 @@
<module>nifi-couchbase-processors</module>
<module>nifi-couchbase-nar</module>
</modules>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.couchbase.client</groupId>
+ <artifactId>java-client</artifactId>
+ <version>2.7.23</version>
+ </dependency>
+ <dependency>
+ <groupId>com.couchbase.client</groupId>
+ <artifactId>core-io</artifactId>
+ <version>1.7.24</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
</project>
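Review bot: The `core-io` entry pinned at 1.7.24 has no explanation, and because it sits in `dependencyManagement` it overrides whatever version a later `java-client` upgrade would resolve transitively, so the two can drift apart unnoticed. A short comment above that entry would record the intent, e.g. `<!-- core-io pinned explicitly; update together with java-client -->`. Declaring both versions as properties in this POM would also put the coupling in one place for the next upgrade.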