[jira] [Updated] (NIFI-9732) Upgrade Zip4j to 2.9.1

David Handermann (Jira) Sat, 26 Feb 2022 07:22:05 -0800


     [ 
https://issues.apache.org/jira/browse/NIFI-9732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Handermann updated NIFI-9732:
-----------------------------------
    Status: Patch Available  (was: Open)

> Upgrade Zip4j to 2.9.1
> ----------------------
>
>                 Key: NIFI-9732
>                 URL: https://issues.apache.org/jira/browse/NIFI-9732
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.15.3, 1.14.0
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>              Labels: dependency-upgrade, security
>
> Zip4j prior to 2.9.1 can throw an uncaught exception when parsing crafted Zip 
> files as described in 
> [CVE-2022-24615|https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24615].  
> The {{UnpackContent}} processors uses Zip4j to read encrypted Zip files when 
> configured with  password.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (NIFI-9732) Upgrade Zip4j to 2.9.1

Reply via email to