[jira] [Updated] (NIFI-10648) Upgrade Commons Text to 1.10.0
[ https://issues.apache.org/jira/browse/NIFI-10648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nathan Gough updated NIFI-10648: Fix Version/s: 1.19.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade Commons Text to 1.10.0 > -- > > Key: NIFI-10648 > URL: https://issues.apache.org/jira/browse/NIFI-10648 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.19.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Apache Commons Text versions prior to 1.10.0 are vulnerable to > [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], which > involves potential script execution when processing untrusted input using > {{StringLookup}}. Direct and transitive references to Apache Commons Text > prior to 1.10.0 should be upgraded to avoid the default interpolation > behavior. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-10648) Upgrade Commons Text to 1.10.0
[ https://issues.apache.org/jira/browse/NIFI-10648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-10648: Status: Patch Available (was: In Progress) > Upgrade Commons Text to 1.10.0 > -- > > Key: NIFI-10648 > URL: https://issues.apache.org/jira/browse/NIFI-10648 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Apache Commons Text versions prior to 1.10.0 are vulnerable to > [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], which > involves potential script execution when processing untrusted input using > {{StringLookup}}. Direct and transitive references to Apache Commons Text > prior to 1.10.0 should be upgraded to avoid the default interpolation > behavior. -- This message was sent by Atlassian Jira (v8.20.10#820010)