Release Notes
Also available as:


  • Summary: Apache NiFi LDAP TLS issue because of Spring Security LDAP vulnerability
  • Severity: Severe
  • Versions Affected: Apache NiFi 0.1.0 – 15.0
  • Description: Spring Security LDAP library was not enforcing credential authentication after TLS handshake negotiation. See NVD CVE-2017-8028 disclosure for more information.
  • Mitigation: The fix to upgrade the spring-ldap library to 2.3.2.RELEASE+ was applied to the HDF 3.2.0 release. To address this issue, upgrade to HDF 3.2.0.