...
NOTE: This page is copy of Jakarta London DCAEreport created by SECCOM under DCAEGEN2-3318 (excluded CVE info); any update should be done on parent page.
...
When the status of all direct dependency replacements is
Status | ||||
---|---|---|---|---|
|
Status | ||||
---|---|---|---|---|
|
dcaegen2-analytics-tca-gen2
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment |
OPEN |
2
io.springfox : springfox-swagger2 : 3.0.0
???
1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
OPEN | 1 | io.undertow : undertow |
Status | ||
---|---|---|
|
2
-core : 2.2. |
17.Final |
5
2. |
Status
Priority
Component name and version
Threat level
Recommended version
Project’s assessment (Target for J)
Status | ||
---|---|---|
|
1
9
7
4
Status | ||
---|---|---|
|
3. |
dcaegen2-collectors-datafile
0.Final | |||||
OPEN | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||
COMPLETE |
2 | io.springfox : springfox-swagger2 : 3.0.0 |
...
3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-
...
datafile
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment |
OPEN | 1 |
com.fasterxml. |
jackson. |
core : |
jackson- |
databind : |
2.13.3 |
2.14.1 | |||||
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | This is transient dependency from spring-boot; upgraded to tomcat 9.0.65 which is default in the spring-boot 2.7.2 |
OPEN | 1 |
com.google.code.gson : gson : 2.8.5
Status | ||
---|---|---|
|
org.springframework : spring-web : 5.3.22 | 6.0.2 | ||
2 | io.springfox : springfox- |
swagger-ui : 3.0.0 |
3.0.0 | SECCOM: 3.0. is the latest version | ||||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
com.fasterxml.jackson.core : jackson-databind : 2.11.0
dcaegen2-collectors-hv-ves
Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
Status | ||
---|---|---|
|
com.google.code.gson : gson : 2.8.6
No vulnerable components |
onap-dcaegen2-collectors-
...
restconf
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment |
OPEN | 1 | com. |
fasterxml. |
jackson. |
core : |
jackson-databind : 2. |
13. |
3 |
2. |
14.1 | |||
OPEN | 1 | org.codehaus.jettison : jettison : 1.3.7 | 1.5.2 |
OPEN | 2 | io. |
springfox : |
springfox- |
swagger- |
ui : |
2. |
10. |
5 |
3. |
0. |
Status | ||
---|---|---|
|
0 | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 |
...
3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-ves
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s |
com.fasterxml.jackson.core : jackson-databind : 2.11.0
Status | ||
---|---|---|
|
nifi-utils : 1.9.2
assessment | |||||
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | |
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-platform-
...
mod-
...
genprocessor
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment |
OPEN | 1 | com. |
fasterxml. |
jackson. |
core : |
jackson-databind : 2. |
11. |
0 |
2. |
14.1 |
OPEN | 1 |
org. |
apache. |
commons : |
commons-text : 1.7 | 1.10.0 | ||
OPEN | 2 | org.apache.nifi : nifi-utils : 1.9.2 | 1.19.0 |
dcaegen2-platform-
...
mod-
...
runtimeapi
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment |
Status | ||
---|---|---|
|
POC components; not part of ONAP deployment
Status | ||
---|---|---|
|
OPEN | 1 |
com.google.code.gson : gson : 2.8.6
org.yaml : snakeyaml : 1.26 | 1.33 | ||
2 |
io.springfox : springfox-swagger-ui : |
3. |
0. |
9
6
6
0 | 3.0.0 |
Status | ||
---|---|---|
|
...
dcaegen2-platform-mod2-helm-generator
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.10.3 | 2.14.1 |
dcaegen2-platform-ves-openapi-manager
Status | Priority | Component name and version |
Recommended version | Threat level |
Recommended version
Project’s |
...
assessment | |||||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
dcaegen2-services-kpi-computation-ms
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s |
assessment | ||
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 |
1. |
4. |
5 |
OPEN | 1 |
9
4com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14. |
1 | ||
OPEN |
1 | io.undertow : undertow-core : 2.2. |
17.Final |
5
5
2. |
3. |
0.Final |
OPEN | 1 | org.springframework : spring- |
web : 5.3. |
20 | 6 |
. |
0. |
dcaegen2-services-bbs-event-processor
2 | |||
OPEN | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
Status
Priority
Component name and version
CVE
Threat level
Recommended version
dcaegen2-services-mapper
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s |
assessment | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 | 2. |
14. |
1 | |||||
OPEN | 1 | com.thoughtworks.xstream : xstream : 1.4.19 | 1.4.19 |
OPEN | 1 |
com.google.code.gson : gson : 2.8.5
org.postgresql : postgresql : 42.3.6 | 42.5.1 | ||
OPEN | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 |
Status | ||
---|---|---|
|
8
OPEN | 2 |
xerces : xercesImpl : 2.12. |
2 | 2.12.2 |
dcaegen2-services-pm-mapper
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s |
assessment | |
OPEN | 1 |
com.google.code.gson : gson : 2.8.5
Status | ||
---|---|---|
|
2
io.undertow : undertow-core : 2.2. |
17.Final |
4
4
2. |
2.2.14.Final
3.0.Final |
dcaegen2-services-prh
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s |
assessment | |||
OPEN | 1 | org.apache.commons : commons-text : 1.6 | 1.10.0 |
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed- |
core : 9.0. |
65 | 10.1. |
2 |
OPEN | 1 | org.springframework : spring-web : 5.3. |
9
4
5.3.13 RELEASE
22 | 6.0.2 |
dcaegen2-services-sdk
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment |
OPEN | 1 |
com. |
google. |
protobuf : |
protobuf- |
java : |
3. |
Status | ||
---|---|---|
|
1
com.google.code.gson : gson : 2.8.5
...
21.1 | 4.0.0-rc-2 |
dcaegen2-services-slice-analysis-ms
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment | |||||
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14.1 |
OPEN | 1 |
org.apache. |
tomcat. |
embed : |
tomcat-embed-core : |
9. |
0. |
65 | 10.1.2 |
OPEN | 1 | org. |
postgresql : |
postgresql : |
42.3. |
6 | 42.5.1 | ||
OPEN | 1 |
9
4
5.3.13 RELEASE
org.springframework : spring- |
web : 5.3. |
20 | 6 |
. |
0. |
2 |
OPEN |
2 | org. |
eclipse. |
jetty : |
jetty- |
server : 9. |
6
10.1.0-M7
4.41.v20210516 | 11.0.12 |
dcaegen2-services-
...
son-
...
handler
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment | |||||
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14. |
1 |
OPEN | 1 |
org.apache. |
tomcat. |
embed : |
tomcat-embed-core : |
9. |
0. |
65 | 10. |
1.2 |
OPEN | 1 | org. |
postgresql : |
postgresql : |
42.3. |
9
4
5.3.13 RELEASE
6 | 42.5.1 | ||
OPEN | 1 |
org.springframework : spring- |
web : 5.3. |
20 | 6 |
. |
0.2 | ||
OPEN | 2 |
io. |
projectreactor. |
netty : |
reactor- |
netty : 0.9. |
12. |
RELEASE |
6
1 |
.1.0 |
dcaegen2-platform-mod2-helmgenerator
...
Status
...
Priority
...
Component name and version
...
Threat level
...
Recommended version
...
Project’s assessment (Target for J)
OPEN | 2 | org.eclipse.jetty : jetty-server : 9.4.40.v20210413 | 11.0.12 |
The following had no violations (or no direct violations):
- dcaegen2-deployments
- dcaegen2-platform-adapter-acumos
- dcaegen2-platform-mod-designtool
- dcaegen2-platform-mod-distributorapi
- dcaegen2-platform-mod-onboardingapi
dcaegen2-platform-mod2-catalog-service
dcaegen2-platform-mod2-auth-service
- dcaegen2-platform-mod2-ui
- dcaegen2-services-heartbeat
- dcaegen2-utils
- dcaegen2
...
com.fasterxml.jackson.core : jackson-databind : 2.10.3
...
com.squareup.okhttp3 : okhttp : 4.0.1
...
dcaegen2-platform-ves-openapi-manager
...
Status
...
Priority
...
Component name and version
...
Threat level
...
Recommended version
...
Project’s assessment (Target for J)
...
com.fasterxml.jackson.core : jackson-databind : 2.9.4
...