javax.net.ssl.SSLPeerUnverifiedException

2021-12-16 Thread Lior Halperin 
Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk 
conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false

on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] 
o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 
127.0.0.1
javax.net.ssl.SSLPeerUnverifiedException: Certificate for 
<127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY




what are definitions we miss that should eliminate the 
SSLPeerUnverifiedException?



Internal Use - Confidential

Re: [ANNOUNCE] New Apache NiFi Committer Margot Tien

2021-12-16 Thread Andrew Lim 
Congrats Margot!

> On Dec 15, 2021, at 4:05 PM, David Handermann  
> wrote:
> 
> Congratulations Margot!
> 
> On Wed, Dec 15, 2021 at 2:50 PM Nathan Gough  wrote:
> 
>> Congrats Margot, thanks for all your contributions!
>> 
>> On Wed, Dec 15, 2021 at 3:02 PM Chris Sampson
>>  wrote:
>> 
>>> Congrat Margot!
>>> 
>>> ---
>>> *Chris Sampson*
>>> IT Consultant
>>> chris.samp...@naimuri.com
>>> 
>>> 
>>> On Wed, 15 Dec 2021 at 19:04, Pierre Villard <
>> pierre.villard...@gmail.com>
>>> wrote:
>>> 
 Congrats Margot!
 
 Le mer. 15 déc. 2021 à 20:00, Kevin Doran  a écrit
>> :
 
> Congratulations Margot! Well deserved.
> 
>> On Dec 15, 2021, at 13:47, Joe Witt  wrote:
>> 
>> Congrats Margot!   And thanks
>> 
>> On Wed, Dec 15, 2021 at 11:46 AM Matt Gilman 
> wrote:
>> 
>>> Apache NiFi community,
>>> 
>>> On behalf of the Apache NiFi PMC, I am very pleased to announce
>> that
> Margot
>>> has accepted the PMC's invitation to become a committer on the
>>> Apache
> NiFi
>>> project. We greatly appreciate all of Margot's hard work and
>>> generous
>>> contributions to the project. We look forward to continued
>>> involvement
> in
>>> the project.
>>> 
>>> Margot has been contributing to NiFi and NiFi Registry for years.
>>> Her
>>> contributions have covered both back-end and front-end
>> improvements
>>> in
> both
>>> projects in addition to release verification and thoughtful PR
 reviews.
>>> 
>>> Welcome and congratulations!
>>> 
> 
> 
 
>>> 
>>

RE: javax.net.ssl.SSLPeerUnverifiedException

2021-12-16 Thread Lior Halperin 
https://issues.apache.org/jira/browse/NIFI-3081
maybe related to this?



Internal Use - Confidential
From: Lior Halperin
Sent: Thursday, 16 December 2021 11:27
To: us...@nifi.apache.org; dev@nifi.apache.org
Subject: javax.net.ssl.SSLPeerUnverifiedException

Hi,
We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk 
conf:
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false
sslQuorum=false
also in the nifi nodes zookeeper properties we defined
ssl.hostnameVerification=false
ssl.quorum.hostnameVerification=false

on nifi start up nodes we get :
2021-12-15 21:57:43,440 ERROR [nioEventLoopGroup-2-1] 
o.apache.zookeeper.common.ZKTrustManager Failed to verify host address: 
127.0.0.1
javax.net.ssl.SSLPeerUnverifiedException: Certificate for 
<127.0.0.1> doesn't match common name of the certificate subject: APP SERVER KEY




what are definitions we miss that should eliminate the 
SSLPeerUnverifiedException?



Internal Use - Confidential

Re: [ANNOUNCE] New Apache NiFi Committer Margot Tien

2021-12-16 Thread M Tien 
Thanks, everyone! It’s an honor to officially be part of an amazing community.

- Margot

> On Dec 16, 2021, at 6:08 AM, Andrew Lim  wrote:
> 
> Congrats Margot!
> 
>> On Dec 15, 2021, at 4:05 PM, David Handermann  
>> wrote:
>> 
>> Congratulations Margot!
>> 
>> On Wed, Dec 15, 2021 at 2:50 PM Nathan Gough  wrote:
>> 
>>> Congrats Margot, thanks for all your contributions!
>>> 
>>> On Wed, Dec 15, 2021 at 3:02 PM Chris Sampson
>>>  wrote:
>>> 
 Congrat Margot!
 
 ---
 *Chris Sampson*
 IT Consultant
 chris.samp...@naimuri.com
 
 
 On Wed, 15 Dec 2021 at 19:04, Pierre Villard <
>>> pierre.villard...@gmail.com>
 wrote:
 
> Congrats Margot!
> 
> Le mer. 15 déc. 2021 à 20:00, Kevin Doran  a écrit
>>> :
> 
>> Congratulations Margot! Well deserved.
>> 
>>> On Dec 15, 2021, at 13:47, Joe Witt  wrote:
>>> 
>>> Congrats Margot!   And thanks
>>> 
>>> On Wed, Dec 15, 2021 at 11:46 AM Matt Gilman 
>> wrote:
>>> 
 Apache NiFi community,
 
 On behalf of the Apache NiFi PMC, I am very pleased to announce
>>> that
>> Margot
 has accepted the PMC's invitation to become a committer on the
 Apache
>> NiFi
 project. We greatly appreciate all of Margot's hard work and
 generous
 contributions to the project. We look forward to continued
 involvement
>> in
 the project.
 
 Margot has been contributing to NiFi and NiFi Registry for years.
 Her
 contributions have covered both back-end and front-end
>>> improvements
 in
>> both
 projects in addition to release verification and thoughtful PR
> reviews.
 
 Welcome and congratulations!
 
>> 
>> 
> 
 
>>> 
>

CVE-2021-44145: Apache NiFi information disclosure by XXE

2021-12-16 Thread Nathan Gough 
Severity: Low

Description:

In the TransformXML processor an authenticated user could configure an
XSLT file which, if it included malicious external entity calls, may
reveal sensitive information.

This issue is being tracked as NIFI-9399

Credit:

This issue was discovered by DangKhai at Viettel Cyber Security.

References:
https://nifi.apache.org/security.html#1.15.1-vulnerabilities