[jira] [Created] (NIFI-11678) Update jakarta.activation to 2.0.1
Siddharth R created NIFI-11678: -- Summary: Update jakarta.activation to 2.0.1 Key: NIFI-11678 URL: https://issues.apache.org/jira/browse/NIFI-11678 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Upgrade jakarta.activation from 1.2.2 to 2.0.1 (latest) to remediate CVE in dependency: [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11678) Update jakarta.activation to 2.0.1
[ https://issues.apache.org/jira/browse/NIFI-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11678: --- Priority: Minor (was: Major) > Update jakarta.activation to 2.0.1 > -- > > Key: NIFI-11678 > URL: https://issues.apache.org/jira/browse/NIFI-11678 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > > Upgrade jakarta.activation from 1.2.2 to 2.0.1 (latest) to remediate CVE in > dependency: > [CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11663) Bump flyway-core version to 9.19.3
Siddharth R created NIFI-11663: -- Summary: Bump flyway-core version to 9.19.3 Key: NIFI-11663 URL: https://issues.apache.org/jira/browse/NIFI-11663 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump version to remediate CVEs: [CVE-2022-41946|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946] [CVE-2022-31197|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11648) Bump archetype-packaging version to 3.2.1
[ https://issues.apache.org/jira/browse/NIFI-11648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11648: --- Description: Bump archetype-packaging version from 2.2 to 3.2.1 to remediate: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] was:Bump archetype-packaging version from 2.2 to 3.2.1 > Bump archetype-packaging version to 3.2.1 > - > > Key: NIFI-11648 > URL: https://issues.apache.org/jira/browse/NIFI-11648 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > Labels: dependency-upgrade > > Bump archetype-packaging version from 2.2 to 3.2.1 to remediate: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11648) Bump archetype-packaging version to 3.2.1
Siddharth R created NIFI-11648: -- Summary: Bump archetype-packaging version to 3.2.1 Key: NIFI-11648 URL: https://issues.apache.org/jira/browse/NIFI-11648 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump archetype-packaging version from 2.2 to 3.2.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11643) Upgrade geoip2 to 4.0.1
Siddharth R created NIFI-11643: -- Summary: Upgrade geoip2 to 4.0.1 Key: NIFI-11643 URL: https://issues.apache.org/jira/browse/NIFI-11643 Project: Apache NiFi Issue Type: Improvement Affects Versions: 1.21.0, 2.0.0 Reporter: Siddharth R Assignee: Siddharth R Bump version from 2.16.1 to 4.0.1 to remediate findings: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004] [https://mvnrepository.com/artifact/com.maxmind.geoip2/geoip2/2.16.1#:~:text=CVE%2D2022%2D42004-,CVE%2D2022%2D42003,-CVE%2D2021%2D46877] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11640) Update download-maven-plugin to 1.7.0
[ https://issues.apache.org/jira/browse/NIFI-11640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11640: --- Labels: dependency-upgrade (was: ) > Update download-maven-plugin to 1.7.0 > - > > Key: NIFI-11640 > URL: https://issues.apache.org/jira/browse/NIFI-11640 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > Labels: dependency-upgrade > Fix For: 2.0.0, 1.22.0 > > > Bump download-maven-plugin to 1.7.0 to remediate multiple CVEs: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002200] > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11640) Update download-maven-plugin to 1.7.0
[ https://issues.apache.org/jira/browse/NIFI-11640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11640: --- Fix Version/s: 2.0.0 1.22.0 > Update download-maven-plugin to 1.7.0 > - > > Key: NIFI-11640 > URL: https://issues.apache.org/jira/browse/NIFI-11640 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > Fix For: 2.0.0, 1.22.0 > > > Bump download-maven-plugin to 1.7.0 to remediate multiple CVEs: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956] > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002200] > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11640) Update download-maven-plugin to 1.7.0
Siddharth R created NIFI-11640: -- Summary: Update download-maven-plugin to 1.7.0 Key: NIFI-11640 URL: https://issues.apache.org/jira/browse/NIFI-11640 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump download-maven-plugin to 1.7.0 to remediate multiple CVEs: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002200] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11639) Update maven-checkstyle-plugin to 3.3.0
[ https://issues.apache.org/jira/browse/NIFI-11639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11639: --- Labels: dependency-upgrade (was: ) > Update maven-checkstyle-plugin to 3.3.0 > --- > > Key: NIFI-11639 > URL: https://issues.apache.org/jira/browse/NIFI-11639 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > Labels: dependency-upgrade > Fix For: 2.0.0, 1.22.0 > > > Bump maven-checkstyle-plugin from 3.2.1 to 3.3.0 to remediate CVE: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11639) Update maven-checkstyle-plugin to 3.3.0
Siddharth R created NIFI-11639: -- Summary: Update maven-checkstyle-plugin to 3.3.0 Key: NIFI-11639 URL: https://issues.apache.org/jira/browse/NIFI-11639 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump maven-checkstyle-plugin from 3.2.1 to 3.3.0 to remediate CVE: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-11639) Update maven-checkstyle-plugin to 3.3.0
[ https://issues.apache.org/jira/browse/NIFI-11639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R updated NIFI-11639: --- Fix Version/s: 2.0.0 1.22.0 > Update maven-checkstyle-plugin to 3.3.0 > --- > > Key: NIFI-11639 > URL: https://issues.apache.org/jira/browse/NIFI-11639 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Minor > Fix For: 2.0.0, 1.22.0 > > > Bump maven-checkstyle-plugin from 3.2.1 to 3.3.0 to remediate CVE: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936] > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11626) Update maven-source-plugin to 3.3.0
Siddharth R created NIFI-11626: -- Summary: Update maven-source-plugin to 3.3.0 Key: NIFI-11626 URL: https://issues.apache.org/jira/browse/NIFI-11626 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump maven-source-plugin version from 3.2.1 to 3.3.0 to remediate finding: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11625) Update jaxb2-maven-plugin to 3.1.0
Siddharth R created NIFI-11625: -- Summary: Update jaxb2-maven-plugin to 3.1.0 Key: NIFI-11625 URL: https://issues.apache.org/jira/browse/NIFI-11625 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Bump jaxb2-maven-plugin from 2.5.0 to 3.1.0 to resolve CVE: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11616) Update guava to 32.0.0-jre
Siddharth R created NIFI-11616: -- Summary: Update guava to 32.0.0-jre Key: NIFI-11616 URL: https://issues.apache.org/jira/browse/NIFI-11616 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Upgrade guava version from 31.1-jre to 32.0.0-jre to remediate CVE-2020-8908 [https://nvd.nist.gov/vuln/detail/cve-2020-8908] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11598) Upgrade gremlin.version from 3.6.2 to 3.6.4
[ https://issues.apache.org/jira/browse/NIFI-11598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17727346#comment-17727346 ] Siddharth R commented on NIFI-11598: PR: [https://github.com/apache/nifi/pull/7311] > Upgrade gremlin.version from 3.6.2 to 3.6.4 > --- > > Key: NIFI-11598 > URL: https://issues.apache.org/jira/browse/NIFI-11598 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Siddharth R >Assignee: Siddharth R >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Current gremlin-core version 3.6.2 has security findings - > [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471]. > Upgrading to 3.6.4 (which is latest) can remediate this finding. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-11598) Upgrade gremlin.version from 3.6.2 to 3.6.4
Siddharth R created NIFI-11598: -- Summary: Upgrade gremlin.version from 3.6.2 to 3.6.4 Key: NIFI-11598 URL: https://issues.apache.org/jira/browse/NIFI-11598 Project: Apache NiFi Issue Type: Improvement Reporter: Siddharth R Assignee: Siddharth R Current gremlin-core version 3.6.2 has security findings - [CVE-2022-1471|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471]. Upgrading to 3.6.4 (which is latest) can remediate this finding. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-11587) Update questdb to 6.7
[ https://issues.apache.org/jira/browse/NIFI-11587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R reassigned NIFI-11587: -- Assignee: Siddharth R > Update questdb to 6.7 > - > > Key: NIFI-11587 > URL: https://issues.apache.org/jira/browse/NIFI-11587 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.21.0 >Reporter: Mike R >Assignee: Siddharth R >Priority: Minor > > Update questdb to 6.7, will resolve CVE in dependency > [CVE-2022-41946|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10611) Upgrade org.apache.ignite ignite-core5 to 2.13.0
[ https://issues.apache.org/jira/browse/NIFI-10611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724221#comment-17724221 ] Siddharth R commented on NIFI-10611: PR: [https://github.com/apache/nifi/pull/7270] > Upgrade org.apache.ignite ignite-core5 to 2.13.0 > > > Key: NIFI-10611 > URL: https://issues.apache.org/jira/browse/NIFI-10611 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.17.0, 1.18.0 >Reporter: Mike R >Assignee: Siddharth R >Priority: Major > > Curious to see if it is possible to upgrade ignite-core5 version from 1.6 to > a version similar to 2.13.0 to mitigate the following CVE in 1.6: > CVE-2020-1963 > CVE-2018-8018 > CVE-2018-1295 > CVE-2017-7686 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-10611) Upgrade org.apache.ignite ignite-core5 to 2.13.0
[ https://issues.apache.org/jira/browse/NIFI-10611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R reassigned NIFI-10611: -- Assignee: Siddharth R > Upgrade org.apache.ignite ignite-core5 to 2.13.0 > > > Key: NIFI-10611 > URL: https://issues.apache.org/jira/browse/NIFI-10611 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.17.0, 1.18.0 >Reporter: Mike R >Assignee: Siddharth R >Priority: Major > > Curious to see if it is possible to upgrade ignite-core5 version from 1.6 to > a version similar to 2.13.0 to mitigate the following CVE in 1.6: > CVE-2020-1963 > CVE-2018-8018 > CVE-2018-1295 > CVE-2017-7686 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (NIFI-10611) Upgrade org.apache.ignite ignite-core5 to 2.13.0
[ https://issues.apache.org/jira/browse/NIFI-10611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724200#comment-17724200 ] Siddharth R edited comment on NIFI-10611 at 5/19/23 9:11 AM: - Can I take this up? [~msr1716] was (Author: JIRAUSER300307): Can I take this up [~msr1716] > Upgrade org.apache.ignite ignite-core5 to 2.13.0 > > > Key: NIFI-10611 > URL: https://issues.apache.org/jira/browse/NIFI-10611 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.17.0, 1.18.0 >Reporter: Mike R >Priority: Major > > Curious to see if it is possible to upgrade ignite-core5 version from 1.6 to > a version similar to 2.13.0 to mitigate the following CVE in 1.6: > CVE-2020-1963 > CVE-2018-8018 > CVE-2018-1295 > CVE-2017-7686 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10611) Upgrade org.apache.ignite ignite-core5 to 2.13.0
[ https://issues.apache.org/jira/browse/NIFI-10611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724200#comment-17724200 ] Siddharth R commented on NIFI-10611: Can I take this up [~msr1716] > Upgrade org.apache.ignite ignite-core5 to 2.13.0 > > > Key: NIFI-10611 > URL: https://issues.apache.org/jira/browse/NIFI-10611 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.17.0, 1.18.0 >Reporter: Mike R >Priority: Major > > Curious to see if it is possible to upgrade ignite-core5 version from 1.6 to > a version similar to 2.13.0 to mitigate the following CVE in 1.6: > CVE-2020-1963 > CVE-2018-8018 > CVE-2018-1295 > CVE-2017-7686 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-10746) Update cassandra-driver-core To 3.11.X Or 4.X.Y
[ https://issues.apache.org/jira/browse/NIFI-10746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R reassigned NIFI-10746: -- Assignee: (was: Siddharth R) > Update cassandra-driver-core To 3.11.X Or 4.X.Y > --- > > Key: NIFI-10746 > URL: https://issues.apache.org/jira/browse/NIFI-10746 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.18.0 >Reporter: Mike R >Priority: Major > > Update cassandra-driver-core To 4.X.Y from 3.10.2, which has some CVE in its > components. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] (NIFI-10746) Update cassandra-driver-core To 3.11.X Or 4.X.Y
[ https://issues.apache.org/jira/browse/NIFI-10746 ] Siddharth R deleted comment on NIFI-10746: was (Author: JIRAUSER300307): Can I take this up [~msr1716] > Update cassandra-driver-core To 3.11.X Or 4.X.Y > --- > > Key: NIFI-10746 > URL: https://issues.apache.org/jira/browse/NIFI-10746 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.18.0 >Reporter: Mike R >Priority: Major > > Update cassandra-driver-core To 4.X.Y from 3.10.2, which has some CVE in its > components. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-10746) Update cassandra-driver-core To 3.11.X Or 4.X.Y
[ https://issues.apache.org/jira/browse/NIFI-10746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724180#comment-17724180 ] Siddharth R commented on NIFI-10746: Can I take this up [~msr1716] > Update cassandra-driver-core To 3.11.X Or 4.X.Y > --- > > Key: NIFI-10746 > URL: https://issues.apache.org/jira/browse/NIFI-10746 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.18.0 >Reporter: Mike R >Assignee: Siddharth R >Priority: Major > > Update cassandra-driver-core To 4.X.Y from 3.10.2, which has some CVE in its > components. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (NIFI-10746) Update cassandra-driver-core To 3.11.X Or 4.X.Y
[ https://issues.apache.org/jira/browse/NIFI-10746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddharth R reassigned NIFI-10746: -- Assignee: Siddharth R > Update cassandra-driver-core To 3.11.X Or 4.X.Y > --- > > Key: NIFI-10746 > URL: https://issues.apache.org/jira/browse/NIFI-10746 > Project: Apache NiFi > Issue Type: Wish >Affects Versions: 1.18.0 >Reporter: Mike R >Assignee: Siddharth R >Priority: Major > > Update cassandra-driver-core To 4.X.Y from 3.10.2, which has some CVE in its > components. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11454) Upgrade commons-jexl3 to 3.3.0
[ https://issues.apache.org/jira/browse/NIFI-11454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17723148#comment-17723148 ] Siddharth R commented on NIFI-11454: PR: https://github.com/apache/nifi/pull/7252 > Upgrade commons-jexl3 to 3.3.0 > -- > > Key: NIFI-11454 > URL: https://issues.apache.org/jira/browse/NIFI-11454 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.21.0 >Reporter: Mike R >Priority: Major > > Upgrade commons-jexl3 to 3.3.0 from 3.2.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-11454) Upgrade commons-jexl3 to 3.3.0
[ https://issues.apache.org/jira/browse/NIFI-11454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17722081#comment-17722081 ] Siddharth R commented on NIFI-11454: Can I take this up? [~msr1716] > Upgrade commons-jexl3 to 3.3.0 > -- > > Key: NIFI-11454 > URL: https://issues.apache.org/jira/browse/NIFI-11454 > Project: Apache NiFi > Issue Type: Improvement >Affects Versions: 1.21.0 >Reporter: Mike R >Priority: Major > > Upgrade commons-jexl3 to 3.3.0 from 3.2.1 -- This message was sent by Atlassian Jira (v8.20.10#820010)
