[
https://issues.apache.org/jira/browse/NIFI-10084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-10084.
-------------------------------------
Fix Version/s: 1.17.0
Assignee: David Handermann
Resolution: Fixed
> Upgrade commons-httpclient
> --------------------------
>
> Key: NIFI-10084
> URL: https://issues.apache.org/jira/browse/NIFI-10084
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.16.1, 1.16.2
> Reporter: Mike R
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.17.0
>
>
> It looks like commons-httpclient-3.1, which is found at
> nifi-toolkit-current/lib/commons-httpclient-3.1.jar is vulnerable to a CVE
> and is end of life. The CVE is
> [https://nvd.nist.gov/vuln/detail/CVE-2012-5783]
> There is also CVE 2020-13956
> When I look for updates, it looks like the end of life was 16 December 2007,
> with the newer module being [Maven Repository: org.apache.httpcomponents »
> httpclient
> (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient]
> More information can be found from [the apache
> website|https://hc.apache.org/downloads.cgi]
> The vulnerable component is found at
> /nifi-toolkit/lib/commons-httpclient-3.1.jar.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
