[ https://issues.apache.org/jira/browse/NIFI-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike R updated NIFI-10735: -------------------------- Priority: Blocker (was: Major) > Update Hortonworks registries schema-registry-client to mitigate CVE > -------------------------------------------------------------------- > > Key: NIFI-10735 > URL: https://issues.apache.org/jira/browse/NIFI-10735 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.18.0 > Reporter: Mike R > Priority: Blocker > Fix For: 1.20.0 > > > Update Hortonworks registries schema-registry-client to mitigate CVE. Version > 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE. > CVE are: > [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] > and > [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425]. > Both have a medium score > The update can be found in the > [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml] > file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version> > > Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry > (github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2] -- This message was sent by Atlassian Jira (v8.20.10#820010)