[ https://issues.apache.org/jira/browse/NIFI-10079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17564600#comment-17564600 ]

David Handermann commented on NIFI-10079:
-----------------------------------------

[~dorschs],

In general, NiFi does not backport dependency upgrades after a minor version release. The most likely release for this dependency upgrade will be 1.17.0. If there is another release in the 1.16 series, this dependency update could be a candidate for inclusion.

Using PKCS12 instead of BCFKS for the client keystore might be a potential workaround with that current version of ZooKeeper client library supported in NiFi 1.16.3.

> Upgrade ZooKeeper to 3.8.0
> --------------------------
>
>                 Key: NIFI-10079
>                 URL: https://issues.apache.org/jira/browse/NIFI-10079
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.16.1, 1.16.2
>            Reporter: Mike R
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 1.17.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The version of Zookeeper .jars used has a Medium 5.8 CVE against it and there
> is an update to Zookeeper to allow for a fix. The CVE can be found at
> [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] and there is a more recent
> version of Zookeeper to help mitigate this

--
This message was sent by Atlassian Jira
(v8.20.10#820010)