[
https://issues.apache.org/jira/browse/NIFI-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-10735:
------------------------------------
Fix Version/s: (was: 1.20.0)
> Update Hortonworks registries schema-registry-client to mitigate CVE
> --------------------------------------------------------------------
>
> Key: NIFI-10735
> URL: https://issues.apache.org/jira/browse/NIFI-10735
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.18.0
> Reporter: Mike R
> Priority: Blocker
>
> Update Hortonworks registries schema-registry-client to mitigate CVE. Version
> 0.9.1 has 2 CVE. Updating to 1.0.0 resolves both of these CVE.
> CVE are:
> [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]
> and
> [CVE-2021-29425|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425].
> Both have a medium score
> The update can be found in the
> [nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml|https://github.com/apache/nifi/blob/f65888dc5cd2c60ad22867be00c83a0c3a01c5e2/nifi-nar-bundles/nifi-standard-services/nifi-hwx-schema-registry-bundle/pom.xml]
> file at line 27 with <hwx.registry.version>0.9.1</hwx.registry.version>
>
> Release Notes: [Comparing 0.9.1-rc1...1.0.0-rc2 · hortonworks/registry
> (github.com)|https://github.com/hortonworks/registry/compare/0.9.1-rc1...1.0.0-rc2]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
