Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-11328

Upgrade Jettison direct dependencies to 1.5.4

    XMLWordPrintableJSON

Details

    Description

      Multiple framework and extension components use Jettison for JSON processing.

      Jettison 1.5.4 resolves a potential Denial-of-Service issue with infinite recursion when processing a malformed JSON array, as described in CVE-2023-1436.

      Attachments

        Activity

          People

            exceptionfactory David Handermann
            exceptionfactory David Handermann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h