David Handermann created NIFI-12879:
---------------------------------------
Summary: Upgrade Clojure to 1.11.2
Key: NIFI-12879
URL: https://issues.apache.org/jira/browse/NIFI-12879
Project: Apache NiFi
Issue Type: Improvement
Reporter: David Handermann
Assignee: David Handermann
Fix For: 2.0.0, 1.26.0
The Clojure library for the Scripting extensions bundle should be upgraded to
[1.11.2|https://clojure.org/releases/downloads#_stable_release_1_11_2_mar_8_2024]
to mitigate CVE-2024-22871, which relates to using Java Object serialization
to read crafted inputs.
Clojure is an optional scripting library and the Scripting extensions do not
perform Java Object serialization directly. For this reason, deployments of
NiFi that do not use custom Scripting components based on Clojure are not
directly exposed to this vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
