[ https://issues.apache.org/jira/browse/NIFI-12257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777843#comment-17777843 ]
ASF subversion and git services commented on NIFI-12257: -------------------------------------------------------- Commit f4722f4d300c3f000aa172f7ac224274238b716b in nifi's branch refs/heads/support/nifi-1.x from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f4722f4d30 ] NIFI-12257 Upgraded MINA SSHD from 2.9.2 to 2.9.3 - SSHD 2.9.3 applies to JGit 5 for Java 8 - Upgraded SSHD from 2.10.0 to 2.11.0 for test components Signed-off-by: Pierre Villard <pierre.villard...@gmail.com> This closes #7914. > Upgrade SSHD to 2.9.3 > --------------------- > > Key: NIFI-12257 > URL: https://issues.apache.org/jira/browse/NIFI-12257 > Project: Apache NiFi > Issue Type: Improvement > Components: NiFi Registry > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Fix For: 1.24.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Apache MINA SSHD dependencies should be upgraded to 2.9.3 on the support > branch to mitgate CVE-2023-35887. The vulnerability applies to SFTP server > implementations and is not directly applicable to transitive usage in NiFi > Registry, but upgrading mitigates version-based vulnerability findings. -- This message was sent by Atlassian Jira (v8.20.10#820010)