XuCongying created NIFI-7213: -------------------------------- Summary: Some CVEs in dependencies are threatening your project! Key: NIFI-7213 URL: https://issues.apache.org/jira/browse/NIFI-7213 Project: Apache NiFi Issue Type: Bug Reporter: XuCongying
Your project is at risk due to the use of vulnerable dependencies. I suggest updating their versions to increase the security of your project. See below for more details: Vulnerable Library Version: org.apache.derby : derby : 10.11.1.1 CVE ID: [CVE-2015-1832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832) Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml, nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml Suggested Safe Versions: 10.12.1.1, 10.13.1.1, 10.14.1.0, 10.14.2.0, 10.15.1.3 Vulnerable Library Version: org.eclipse.paho : org.eclipse.paho.client.mqttv3 : 1.2.0 CVE ID: [CVE-2019-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11777) Import Path: nifi-nar-bundles/nifi-mqtt-bundle/nifi-mqtt-processors/pom.xml Suggested Safe Versions: 1.2.1, 1.2.2 Vulnerable Library Version: com.google.guava : guava : 18.0 CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237) Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre Vulnerable Library Version: org.apache.ignite : ignite-spring : 1.6.0 CVE ID: [CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686) Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml Suggested Safe Versions: 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.5, 2.7.6 Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.3 CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196) Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-11-processors/pom.xml Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0 Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 1.0.2 CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196) Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-1-0-processors/pom.xml Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0 Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.0 CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196) Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/pom.xml Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0 Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1 CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.1.1 CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.10.0 CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200) Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0 Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.3.1 CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200) Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0 Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.8.1 CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200) Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0 Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.6.0 CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200) Import Path: nifi-bootstrap/pom.xml Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0 Vulnerable Library Version: org.apache.ignite : ignite-core : 1.6.0 CVE ID: [CVE-2016-6805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6805), [CVE-2018-8018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8018), [CVE-2018-1295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1295), [CVE-2017-7686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7686) Import Path: nifi-nar-bundles/nifi-ignite-bundle/nifi-ignite-processors/pom.xml Suggested Safe Versions: 2.6.0, 2.7.0, 2.7.5, 2.7.6 Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.8 CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942) Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/pom.xml Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3 Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1 CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330) Import Path: nifi-external/nifi-spark-receiver/pom.xml, nifi-commons/nifi-site-to-site-client/pom.xml...(The rest of the 29 paths is hidden.) Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3 Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10 CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531) Import Path: nifi-nar-bundles/nifi-easyrules-bundle/nifi-easyrules-service/pom.xml Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3 Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.9 CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942) Import Path: nifi-nar-bundles/nifi-graph-bundle/nifi-graph-processors/pom.xml Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3 Vulnerable Library Version: org.apache.storm : storm-core : 1.1.1 CVE ID: [CVE-2018-8008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8008), [CVE-2018-1331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1331), [CVE-2019-0202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0202), [CVE-2018-1332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1332), [CVE-2018-11779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11779) Import Path: nifi-external/nifi-storm-spout/pom.xml Suggested Safe Versions: 2.1.0 Vulnerable Library Version: org.apache.mina : mina-core : 2.0.19 CVE ID: [CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231) Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2 Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.2.1 CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml, nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.1.1 CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: org.elasticsearch : elasticsearch : 5.6.16 CVE ID: [CVE-2019-7614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614) Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml Suggested Safe Versions: 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 7.6.0 Vulnerable Library Version: org.apache.solr : solr-core : 6.6.6 CVE ID: [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164) Import Path: nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/pom.xml Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1 Vulnerable Library Version: org.apache.poi : poi-ooxml : 4.0.1 CVE ID: [CVE-2019-12415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415) Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml Suggested Safe Versions: 4.1.1, 4.1.2 Vulnerable Library Version: commons-beanutils : commons-beanutils : 1.9.3 CVE ID: [CVE-2019-10086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086), [CVE-2014-0114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114) Import Path: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml, nifi-nar-bundles/nifi-hl7-bundle/nifi-hl7-processors/pom.xml, nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml Suggested Safe Versions: 1.9.4, 20020520, 20021128.082114, 20030211.134440 Vulnerable Library Version: xerces : xercesImpl : 2.11.0 CVE ID: [CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881), [CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002) Import Path: nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/pom.xml Suggested Safe Versions: 2.12.0 Vulnerable Library Version: org.apache.derby : derbynet : 10.11.1.1 CVE ID: [CVE-2018-1313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1313) Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml Suggested Safe Versions: 10.14.2.0, 10.15.1.3 Vulnerable Library Version: org.apache.directory.server : apacheds-all : 2.0.0-M20 CVE ID: [CVE-2015-3250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3250) Import Path: nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/pom.xml Suggested Safe Versions: 2.0.0-M21, 2.0.0-M22, 2.0.0-M23, 2.0.0-M24 Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.2.1 CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive-processors/pom.xml Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.1.1 CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521) Import Path: nifi-nar-bundles/nifi-hive-bundle/nifi-hive_1_1-processors/pom.xml Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2 Vulnerable Library Version: org.springframework : spring-web : 4.3.19.RELEASE CVE ID: [CVE-2018-15756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756) Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml, nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml Suggested Safe Versions: 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 5.1.13.RELEASE, 5.2.3.RELEASE Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1 CVE ID: [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577), [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153) Import Path: nifi-nar-bundles/nifi-kite-bundle/nifi-kite-processors/pom.xml Suggested Safe Versions: 3.0alpha2 Vulnerable Library Version: org.apache.lucene : lucene-core : 5.3.1 CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163) Import Path: nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1 Vulnerable Library Version: org.apache.activemq : activemq-client : 5.15.8 CVE ID: [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222) Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/pom.xml Suggested Safe Versions: 5.15.10, 5.15.11, 5.15.9 Vulnerable Library Version: com.h2database : h2 : 1.4.187 CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335) Import Path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml, nifi-nar-bundles/nifi-extension-utils/nifi-database-utils/pom.xml Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200 Vulnerable Library Version: com.h2database : h2 : 1.4.192 CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335) Import Path: nifi-nar-bundles/nifi-standard-services/nifi-dbcp-service-bundle/nifi-dbcp-service/pom.xml Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200 Vulnerable Library Version: com.h2database : h2 : 1.3.176 CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335) Import Path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/pom.xml, nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/pom.xml Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200 Vulnerable Library Version: org.apache.kafka : kafka_2.10 : 0.9.0.1 CVE ID: [CVE-2018-1288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288) Import Path: nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-0-9-processors/pom.xml Suggested Safe Versions: 0.10.2.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)