[ https://issues.apache.org/jira/browse/NIFI-15471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Fellows updated NIFI-15471:
-------------------------------
Status: Patch Available (was: In Progress)
> UI - Address dependabot detected issues in transitive dependency hono
> ---------------------------------------------------------------------
>
> Key: NIFI-15471
> URL: https://issues.apache.org/jira/browse/NIFI-15471
> Project: Apache NiFi
> Issue Type: Task
> Components: Core UI
> Reporter: Rob Fellows
> Assignee: Rob Fellows
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> [https://github.com/apache/nifi/security/dependabot/525]
> [https://github.com/apache/nifi/security/dependabot/524]
>
> *npm audit:*
> hono <=4.11.3
> Severity: high
> Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg"
> (untrusted header.alg fallback) -
> https://github.com/advisories/GHSA-3vhc-576x-3qv4
> Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256)
> Allows Token Forgery and Auth Bypass -
> https://github.com/advisories/GHSA-f67f-6cw9-8mq4