Synced 17 Jun 2026 06:32 UTC Account

Is Apache NiFi 2.0.0 patched?

Apache · cycle 2.0 · end of life · Official site ↗
2.0.040/100End of life

Current stable (2.9.0): 100/100

Minimum safe version2.9.0

2.0.0 has 2 open critical-or-high vulnerabilities. Run 2.9.0 or later to clear them. See what 2.9.0 fixes →

Health score40/100
Open issues8
Exploited now0
Cycle 2.0 EOL2024-12-23
Latest release2.9.0

Summary iPlain-English security status for Apache NiFi 2.0.0, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Apache NiFi 2.0.0 is part of the 2.0 release line. 8 known vulnerabilities affect it. The minimum safe version is 2.9.0 — upgrade to it or later to clear the open critical/high issues. The 2.0 line reached end-of-life on 2024-12-23, so it no longer receives security patches. The latest supported Apache NiFi release is 2.9.0.

Known issues affecting 2.0.0

Exploited first, then by exploitation probability.

CVE-2024-37389 MEDIUM EPSS 24% → fixed in 1.27.0 CVE-2024-56512 MEDIUM EPSS 3% → fixed in 2.1.0 CVE-2025-27017 MEDIUM EPSS 1% → fixed in 2.3.0 CVE-2026-39816 HIGH EPSS 1% → fixed in 2.9.0 CVE-2026-25903 MEDIUM EPSS 1% → fixed in 2.8.0 CVE-2024-52067 MEDIUM EPSS 1% → fixed in 1.28.1 CVE-2024-45477 MEDIUM EPSS 1% → see advisory CVE-2025-66524 HIGH EPSS 0% → fixed in 2.7.0

Other Apache NiFi versions

Check another release line of Apache NiFi.

Apache NiFi 2.9.0Apache NiFi 2.8.0Apache NiFi 2.7.2Apache NiFi 2.6.0Apache NiFi 2.5.0Apache NiFi 2.4.0Apache NiFi 2.3.0Apache NiFi 2.2.0Apache NiFi 2.1.0Apache NiFi 1.28.1Apache NiFi 1.27.0Apache NiFi 1.26.0Apache NiFi 1.25.0Apache NiFi 1.24.0Apache NiFi 1.23.2Apache NiFi 1.22.0Apache NiFi 1.21.0Apache NiFi 1.20.0Apache NiFi 1.19.1

Frequently asked

Is Apache NiFi 2.0.0 patched?

Apache NiFi 2.0.0 is end-of-life and no longer receives security patches. Move to 2.9.0.

What version should I upgrade Apache NiFi 2.0.0 to?

Upgrade Apache NiFi 2.0.0 to at least 2.9.0 to clear its 2 open critical-or-high vulnerabilities.

When does Apache NiFi 2.0 reach end-of-life?

Apache NiFi 2.0 reached end-of-life on 2024-12-23 and no longer receives security patches.

What is the latest version of Apache NiFi?

The latest supported Apache NiFi release is 2.9.0.

Is Apache NiFi 2.0.0 still receiving security updates?

No — Apache NiFi 2.0.0 is on the 2.0 line, which reached end-of-life on 2024-12-23 and no longer receives security updates. Upgrade to 2.9.0 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade — Apache NiFi official site ↗