CVE-2021-44145: Apache NiFi information disclosure by XXE

Severity: Low Description: In the TransformXML processor an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. This issue is being tracked as NIFI-9399 Credit: This issue was discovered by DangKhai at Viettel

Re: [ANNOUNCE] New Apache NiFi Committer Margot Tien

Thanks, everyone! It’s an honor to officially be part of an amazing community. - Margot > On Dec 16, 2021, at 6:08 AM, Andrew Lim wrote: > > Congrats Margot! > >> On Dec 15, 2021, at 4:05 PM, David Handermann >> wrote: >> >> Congratulations Margot! >> >> On Wed, Dec 15, 2021 at 2:50 PM Nat

RE: javax.net.ssl.SSLPeerUnverifiedException

https://issues.apache.org/jira/browse/NIFI-3081 maybe related to this? Internal Use - Confidential From: Lior Halperin Sent: Thursday, 16 December 2021 11:27 To: us...@nifi.apache.org; dev@nifi.apache.org Subject: javax.net.ssl.SSLPeerUnverifiedException Hi, We are using nifi 1.15 secured clust

Re: [ANNOUNCE] New Apache NiFi Committer Margot Tien

Congrats Margot! > On Dec 15, 2021, at 4:05 PM, David Handermann > wrote: > > Congratulations Margot! > > On Wed, Dec 15, 2021 at 2:50 PM Nathan Gough wrote: > >> Congrats Margot, thanks for all your contributions! >> >> On Wed, Dec 15, 2021 at 3:02 PM Chris Sampson >> wrote: >> >>> Congr

javax.net.ssl.SSLPeerUnverifiedException

Hi, We are using nifi 1.15 secured cluster with external zk 3.7.0 defined in the zk conf: ssl.hostnameVerification=false ssl.quorum.hostnameVerification=false sslQuorum=false also in the nifi nodes zookeeper properties we defined ssl.hostnameVerification=false ssl.quorum.hostnameVerification=false