[
https://issues.apache.org/jira/browse/NIFI-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike R updated NIFI-10735:
--------------------------
Description:
Update Hortonworks registries schema-registry-client to mitigate CVE. Version
0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE.
CVE are:
[CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
and
[CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425].
Both have a medium score
The update can be found in the
[nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml]
file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>
Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry
(github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2]
was:
Update Hortonworks registries schema-registry-client to mitigate CVE. Version
0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE.
CVE are:
[CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
and
[CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425].
Both have a medium score
The update can be found in the
[nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml]
file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>
> Update Hortonworks registries schema-registry-client to mitigate CVE
> --------------------------------------------------------------------
>
> Key: NIFI-10735
> URL: https://issues.apache.org/jira/browse/NIFI-10735
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.18.0
> Reporter: Mike R
> Priority: Major
>
> Update Hortonworks registries schema-registry-client to mitigate CVE. Version
> 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE.
> CVE are:
> [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> and
> [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425].
> Both have a medium score
> The update can be found in the
> [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml]
> file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>
>
> Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry
> (github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
