- Summary: Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability
- Severity: Moderate
- Versions Affected: Apache NiFi 0.1.0 – 1.5.0
- Description: Malicious JMS content could cause denial of service.
- Mitigation: The fix to upgrade the activemq-client library to 5.15.3 was applied to the HDF 3.2.0 release. To address this issue, upgrade to HDF 3.2.0.