[ https://issues.apache.org/jira/browse/NIFI-12259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17778572#comment-17778572 ]
ASF subversion and git services commented on NIFI-12259: -------------------------------------------------------- Commit fc6677153f535f136de8e28b472b4ede108456fe in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fc6677153f ] NIFI-12259 Upgraded Apache Santuario from 2.3.3 to 2.3.4 Signed-off-by: Pierre Villard <pierre.villard...@gmail.com> This closes #7916. > Upgrade Santuario XML to 2.3.4 > ------------------------------ > > Key: NIFI-12259 > URL: https://issues.apache.org/jira/browse/NIFI-12259 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Labels: dependency-upgrade > Fix For: 2.0.0, 1.24.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Apache Santuario 2.3.4 includes a resolution for CVE-2023-44483, which > relates to logging sensitive private key information at the debug level. > Spring Security SAML2 has a dependency on Apache Santuario, which should be > upgraded. -- This message was sent by Atlassian Jira (v8.20.10#820010)