[ 
https://issues.apache.org/jira/browse/NIFI-10486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603248#comment-17603248
 ] 

David Handermann commented on NIFI-10486:
-----------------------------------------

CVE-2022-22965 relates to Spring MVC, which does not appear to be referenced in 
the dependency tree for greenmail. The JUnit 4 dependency is already upgraded 
and handled through managed dependencies at the project level.

> Upgrade greenmail to 1.6.10
> ---------------------------
>
>                 Key: NIFI-10486
>                 URL: https://issues.apache.org/jira/browse/NIFI-10486
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.17.0
>            Reporter: Mike R
>            Priority: Minor
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Upgrade greenmail to 1.6.10 from 1.5.11 to remediate CVE in the dependency 
> [CVE-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
