[ https://issues.apache.org/jira/browse/NIFI-10079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17545090#comment-17545090 ]

Mike R commented on NIFI-10079:
-------------------------------

[~joewitt] thanks. The specific files are:
/nifi-toolkit-current/lib/zookeeper-3.5.9.jar
./nifi-toolkit-current/lib/zookeeper-jute-3.5.9.jar

The issue looks to be that there was a vulnerable version of Netty used in the
Zookeeper release that was implemented into NiFi.

> Update ZooKeeper .JAR Files
> ---------------------------
>
>                 Key: NIFI-10079
>                 URL: https://issues.apache.org/jira/browse/NIFI-10079
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.6.0, 1.16.1, 1.16.2
>            Reporter: Mike R
>            Priority: Major
>
> The version of Zookeeper .jars used has a Medium 5.8 CVE against it and there 
> is an update to Zookeeper to allow for a fix.  The CVE can be found at 
> [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] and there is a more recent 
> version of Zookeeper to help mitigate this.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
