nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [nifi-site] branch main updated: Added credit for CVE reporter.
Date Thu, 01 Oct 2020 14:04:53 GMT
This is an automated email from the ASF dual-hosted git repository.

alopresto pushed a commit to branch main
in repository

The following commit(s) were added to refs/heads/main by this push:
     new 7ecb4d5  Added credit for CVE reporter.
7ecb4d5 is described below

commit 7ecb4d5ff24e793fe247b12939e017ca20fbdfbf
Author: Andy LoPresto <>
AuthorDate: Thu Oct 1 07:04:16 2020 -0700

    Added credit for CVE reporter.
 src/pages/html/security.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index c25220e..f96af8c 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -92,7 +92,7 @@ title: Apache NiFi Security Reports
         <p>Description: The NiFi download token (one-time password) mechanism used
a fixed cache size and did not authenticate a request to create a download token, only when
attempting to use the token to access the content. An unauthenticated user could repeatedly
request download tokens, preventing legitimate users from requesting download tokens. </p>
         <p>Mitigation: Disabled anonymous authentication, implemented a multi-indexed
cache, and limited token creation requests to one concurrent request per user. Users running
any previous NiFi release should upgrade to the latest release. </p>
-        <p>Credit: This issue was discovered by an anonymous community member. </p>
+        <p>Credit: This issue was discovered by Dennis Detering (IT Security Consultant
at Spike Reply). </p>
         <p>CVE Link: <a href=""
target="_blank">Mitre Database: CVE-2020-9487</a></p>
         <p>NiFi Jira: <a href=""
         <p>NiFi PR: <a href="" target="_blank">PR

View raw message