[ https://issues.apache.org/jira/browse/NIFI-10084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-10084. ------------------------------------- Fix Version/s: 1.17.0 Assignee: David Handermann Resolution: Fixed > Upgrade commons-httpclient > -------------------------- > > Key: NIFI-10084 > URL: https://issues.apache.org/jira/browse/NIFI-10084 > Project: Apache NiFi > Issue Type: Bug > Affects Versions: 1.16.1, 1.16.2 > Reporter: Mike R > Assignee: David Handermann > Priority: Major > Fix For: 1.17.0 > > > It looks like commons-httpclient-3.1, which is found at > nifi-toolkit-current/lib/commons-httpclient-3.1.jar is vulnerable to a CVE > and is end of life. The CVE is > [https://nvd.nist.gov/vuln/detail/CVE-2012-5783] > There is also CVE 2020-13956 > When I look for updates, it looks like the end of life was 16 December 2007, > with the newer module being [Maven Repository: org.apache.httpcomponents » > httpclient > (mvnrepository.com)|https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient] > More information can be found from [the apache > website|https://hc.apache.org/downloads.cgi] > The vulnerable component is found at > /nifi-toolkit/lib/commons-httpclient-3.1.jar. > -- This message was sent by Atlassian Jira (v8.20.10#820010)