[
https://issues.apache.org/jira/browse/NIFI-10079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17564600#comment-17564600
]
David Handermann commented on NIFI-10079:
-----------------------------------------
[~dorschs], In general, NiFi does not backport dependency upgrades after a
minor version release. The most likely release for this dependency upgrade will
be 1.17.0. If there is another release in the 1.16 series, this dependency
update could be a candidate for inclusion.
Using PKCS12 instead of BCFKS for the client keystore might be a potential
workaround with that current version of ZooKeeper client library supported in
NiFi 1.16.3.
> Upgrade ZooKeeper to 3.8.0
> --------------------------
>
> Key: NIFI-10079
> URL: https://issues.apache.org/jira/browse/NIFI-10079
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.16.1, 1.16.2
> Reporter: Mike R
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.17.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The version of Zookeeper .jars used has a Medium 5.8 CVE against it and there
> is an update to Zookeeper to allow for a fix. The CVE can be found at
> [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] and there is a more recent
> version of Zookeeper to help mitigate this
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
