Added CVE-2017-15703 to security.hbs.
diff --git a/src/pages/html/security.hbs b/src/pages/html/security.hbs
index 94d48c9..8a88253 100644
--- a/src/pages/html/security.hbs
+++ b/src/pages/html/security.hbs
@@ -101,6 +101,21 @@
<p>Released: October 2, 2017 (Updated January 23, 2018)</p>
</div>
</div>
+<div class="row">
+ <div class="large-12 columns">
+ <p><a id="CVE-2017-15703" href="#CVE-2017-15703"><b>CVE-2017-15703</b></a>: Apache NiFi Java deserialization issue in template XML upload</p>
+ <p>Severity: <strong>Important</strong></p>
+ <p>Versions Affected:</p>
+ <ul>
+ <li>Apache NiFi 1.0.0 - 1.3.0</li>
+ </ul>
+ </p>
+ <p>Description: Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. </p>
+ <p>Mitigation: The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. </p>
+ <p>Credit: This issue was discovered by Mike Cole. </p>
+ <p>Released: October 2, 2017 (Updated January 25, 2018)</p>
+ </div>
+</div>
<div class="medium-space"></div>
<div class="row">
<div class="large-12 columns features">
