Åç Ç¬

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions prior to 1.6.0 **Description** The issue concerns an External XML Entity problem in the SplitXML processor, which could lead to information disclosure or remote code execution if malicious XML content is used. **Recommendations** For versions prior to 1.6.0, upgrade to Apache NiFi 1.6.0 or a later version to apply the fix that disables external general entity parsing and disallows doctype declarations.

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions prior to 1.6.0 **Description** The issue is related to a deserialization problem in the ActiveMQ client, which could lead to a denial of service when malicious JMS content is processed. **Recommendations** For Apache NiFi versions prior to 1.6.0, upgrade to Apache NiFi 1.6.0 or a later version to resolve the issue.