Release Notes
Also available as:
PDF

CVE-2018-1309

  • Summary: Apache NiFi XML External Entity issue in SplitXML processor
  • Severity: Moderate
  • Versions Affected: Apache NiFi 0.1.0 – 1.5.0
  • Description: Malicious XML content could cause information disclosure or remote code execution.
  • Mitigation: The fix to disable external general entity parsing and disallow doctype declarations was applied to the HDF 3.2.0 release. To address this issue, upgrade to HDF 3.2.0.