Vulnerability Remediation Policy

This policy describes Exabeam’s approach to addressing Common Vulnerabilities and Exposures (CVEs) in Site Collector.

The Site Collector Core application consists of three containers: nifi, minifi, and toolkit. Each container has an OS layer, a JVM layer, and installed Linux utilities. A fixable CVE is defined as any CVE that has been fixed by the respective open source software community as of the day the new Exabeam release is ratified by engineering. Such CVEs will be remediated in that release for the OS layer, JVM layer, and installed Linux utilities in each container.

Each container also contains software from the Apache NiFi community. NiFi is a critical operational component of the Site Collector, and updating it requires extensive regression testing. Exabeam will update NiFi software (minor or major version, as determined feasible by engineering) every quarter, and any CVEs remediated by the Apache NiFi community as of that time will be remediated with that update.

The CVEs that are remediated in a specific release are listed in the addressed issues section of the release notes. Any Critical CVEs that remain unresolved despite the above-mentioned steps are listed in the known issues section of the release notes, along with the impact.