@octo-sts octo-sts bot commented Dec 21, 2025

apache-nifi/2.7.2-r0: fix GHSA-x44p-gvrj-pj2r

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/apache-nifi.advisories.yaml


"Breadcrumbs" for this automated service

Inspected git repositories: https://github.com/apache/nifi@rel/nifi-2.7.2

@octo-sts octo-sts bot added automated pr request-cve-remediation maven/pombump p:apache-nifi GHSA-x44p-gvrj-pj2r P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed staging-approver-bot/manual-review-needed approver-bot/manual-review-needed labels Dec 21, 2025
@Ankush-Pathak Ankush-Pathak force-pushed the cve-apache-nifi-2.7.2-r0-00e8f2f9a0d5a79fb057460797fd385f branch 3 times, most recently from 67740a5 to f1af175 Compare December 26, 2025 16:33
octo-sts bot commented Dec 26, 2025

🔄 Build Failed: Git Checkout Error

CONFLICT (content): Merge conflict in pom.xml
error: could not apply 3c52bed1b4... NIFI-15359 Upgraded S3 Encryption Client from 3.6.0 to 4.0.0 (#10659)

Build Details

| Category | Details |
| --- | --- |
| Build System | git |
| Failure Point | git cherry-pick -x 3c52bed1b42a2386eae5fd56a9dc432c6ea8fe53 |

Root Cause Analysis 🔍

The cherry-pick operation failed due to a merge conflict in the pom.xml file when attempting to apply commit 3c52bed1b42a2386eae5fd56a9dc432c6ea8fe53 from the main branch. The git checkout step was trying to apply a security patch (GHSA-x44p-gvrj-pj2r) to upgrade the S3 Encryption Client, but the changes conflict with the existing pom.xml content in the target tag rel/nifi-2.7.2.



@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Dec 26, 2025
…eam patch

Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
@Ankush-Pathak Ankush-Pathak force-pushed the cve-apache-nifi-2.7.2-r0-00e8f2f9a0d5a79fb057460797fd385f branch from f1af175 to 771e7ad Compare December 26, 2025 17:08
@Ankush-Pathak Ankush-Pathak requested a review from a team December 29, 2025 04:18
@Ankush-Pathak Ankush-Pathak enabled auto-merge (squash) December 29, 2025 04:18
@Ankush-Pathak Ankush-Pathak merged commit 25cde17 into main Dec 29, 2025
19 checks passed
@Ankush-Pathak Ankush-Pathak deleted the cve-apache-nifi-2.7.2-r0-00e8f2f9a0d5a79fb057460797fd385f branch December 29, 2025 07:31

3 participants