[jira] [Updated] (NIFI-9732) Upgrade Zip4j to 2.9.1

Mike Thomsen (Jira) Sun, 27 Feb 2022 03:11:06 -0800


     [ 
https://issues.apache.org/jira/browse/NIFI-9732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mike Thomsen updated NIFI-9732:
-------------------------------
    Fix Version/s: 1.16.0
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Upgrade Zip4j to 2.9.1
> ----------------------
>
>                 Key: NIFI-9732
>                 URL: https://issues.apache.org/jira/browse/NIFI-9732
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.14.0, 1.15.3
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>              Labels: dependency-upgrade, security
>             Fix For: 1.16.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Zip4j prior to 2.9.1 can throw an uncaught exception when parsing crafted Zip 
> files as described in 
> [CVE-2022-24615|https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24615].  
> The {{UnpackContent}} processors uses Zip4j to read encrypted Zip files when 
> configured with  password.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (NIFI-9732) Upgrade Zip4j to 2.9.1

Reply via email to