ExceptionFactory

Producing content that a reasonable developer might want to read

Tags • Vulnerabilities

Enhancing Security by Removing Restrictions in Apache NiFi 2

NiFi Security Vulnerabilities

2026-07-01 • 10 minute read • David Handermann

Application security often connotes strict boundaries, symbolized as shields, locks, and keys. In some cases, however, more limitations result in less security. The Restricted annotation, deprecated in the Apache NiFi API 2.8.0, is one example of this inverse relationship. With the removal of framework authorization for the Restricted annotation in Apache NiFi 2.10.0, the application provides better security by aligning documentation, implementation, and maintainable security boundaries.

Read more

Firsthand Analysis of Apache NiFi Vulnerability CVE-2023-34468

NiFi Security Vulnerabilities

2023-10-07 • 10 minute read • David Handermann

Recent reporting on Apache NiFi vulnerability CVE-2023-34468 has highlighted significant concerns related to potential remote code execution. Although upgrading to the latest version of Apache NiFi remains the recommended solution, a closer evaluation of the vulnerability shows important details glossed over in published analysis. Exploiting H2 database connection strings requires both authentication and sufficient authorization, the importance of which is missing from recent reporting.

Read more

Analyzing and Mitigating XML External Entity Vulnerabilities in Apache NiFi

NiFi Security Vulnerabilities

2022-05-31 • 12 minute read • David Handermann

Apache NiFi 1.16.1 resolved XML external entity vulnerabilities in multiple components, described in CVE-2022-29265. Reviewing current and previous XML vulnerabilities enables an accurate characterization of the impact on particular deployments. A summary of the resolution provides useful details for any project that performs XML processing.

Read more