NOTE: This page is a copy of the Jakarta London DCAE report created by SECCOM under DCAEGEN2-3318 (CVE info excluded); any update should be made on the parent page.

...

When the status of all direct dependency replacements is Complete or Waiver, the Jira ticket should be closed.

dcaegen2-analytics-tca-gen2

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

(Target for J)title

Status

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available
1com.fasterxml.jackson.core : jackson-databind : 2.13.32.14.1

OPEN

1io.undertow : undertow

OPEN

2

undertow
-core : 2.2.
7
17.Final
5

5

2.
2

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

OPEN

1

spring-web : 5.3.6

9

7

4

5.3.135.3.13 or 5.3.14

OPEN

3.
142.2.14.Final

dcaegen2-collectors-datafile

0.Final

OPEN

2io.springfox : springfox-swagger-ui : 2.10.53.0.0

COMPLETE

2io.springfox : springfox-swagger2 : 3.0.0
5???Already on latest; no non-vulnerable version available

...

3.0.0
SECCOM: 3.0. is the latest version

dcaegen2-collectors-

...

datafile

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

(Target for J)title

Status

OPEN

1
ch
com.fasterxml.
qos
jackson.
logback
core :
logback
jackson-
core
databind :
1
2.13.3
.0-alpha081.2.101.2.10 Status
2.14.1


OPEN

1org.apache.tomcat.embed : tomcat-embed-core : 9.0.6510.1.2

This is transient dependency from spring-boot; upgraded

to tomcat 9.0.65 which is default in the spring-boot 2.7.2

title

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.92.8.9

OPEN

org.springframework : spring-web : 5.3.226.0.2



COMPLETE
2io.springfox : springfox-
swagger2
swagger-ui : 3.0.0
5???Already on latest; no non-vulnerable version available
3.0.0
SECCOM: 3.0. is the latest version

COMPLETE

2io.springfox : springfox-swagger2 : 3.0.03.0.0
SECCOM: 3.0. is the latest version
1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

102.12.62.12.6

dcaegen2-collectors-hv-ves

Status

Priority

Component name and version

CVE

Threat level

Recommended version

Project’s assessment

(Target for J)

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.92.8.9







No vulnerable components

onap-dcaegen2-collectors-

...

restconf

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

(Target for J)title

Status

OPEN

1com.
google
fasterxml.
code
jackson.
gson
core :
gson
jackson-databind : 2.
8
13.
6
3
7
2.
8.9
14.1


OPEN

1org.codehaus.jettison : jettison : 1.3.71.5.2
2.8.9 Statustitle


OPEN

2io.
netty
springfox :
netty
springfox-
codec
swagger-
http
ui :
4
2.
1
10.
59.Final
5
4
3.
1
0.
70.Final4.1.73.Final

OPEN

0


COMPLETE

2io.springfox : springfox-swagger2 : 3.0.0
5???Already on latest; no non-vulnerable version availableorg.apache.logging.log4j: log4j-core:2.16.02.17.1

...

3.0.0

SECCOM: 3.0. is the latest version

dcaegen2-collectors-ves

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

assessment (Target for J)1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

102.12.62.12.6

OPEN

2

nifi-utils : 1.9.2

5retain current version due to dependency with upstream nifi version on designer module

 assessment

COMPLETE

2io.springfox : springfox-swagger-ui : 3.0.03.0.0
SECCOM: 3.0. is the latest version

COMPLETE

2io.springfox : springfox-swagger2 : 3.0.03.0.0
SECCOM: 3.0. is the latest version

dcaegen2-platform-

...

mod-

...

genprocessor

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

 (Target for J)title

Status

OPEN

1com.
google
fasterxml.
code
jackson.
gson
core :
gson
jackson-databind : 2.
8
11.
6
0
7
2.
8.9POC components; not part of ONAP deployment Statustitle
14.1


OPEN

1
com
org.
squareup
apache.
okhttp3
commons :
okhttp : 4.0.1
commons-text : 1.71.10.0


OPEN

2org.apache.nifi : nifi-utils : 1.9.21.19.0
74.9.3POC components; not part of ONAP deployment


dcaegen2-platform-

...

mod-

...

runtimeapi

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

 (Target for J)title

Status

OPEN

1com.squareup.okhttp3 : okhttp : 4.0.174.9.3

POC components; not part of ONAP deployment

OPEN

1

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9POC components; not part of ONAP deployment
org.yaml : snakeyaml : 1.261.33



2
io.springfox : springfox-swagger-ui :
2
3.
9
0.
2

9

6

6

03.0.0
POC components; not part of ONAP deployment

OPEN

2io.springfox : springfox-swagger2 : 2.9.253.0.0POC components; not part of ONAP deployment

...



dcaegen2-platform-mod2-helm-generator

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

OPEN

1com.fasterxml.jackson.core : jackson-databind : 2.10.3 2.14.1



dcaegen2-platform-ves-openapi-manager

Status

Priority

Component name and version

CVE

Recommended version

Threat level

Recommended version

Project’s

assessment  (Target for J)

...

 assessment

OPEN

1com.fasterxml.jackson.core : jackson-databind : 2.13.3 2.14.1



dcaegen2-services-kpi-computation-ms

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Statustitle

Project’s

assessment  (Target for J)

 assessment

OPEN

1ch.qos.logback : logback-core : 1.3.0-alpha0
8
1.
21.2.10 Statustitle
4.
10
5

OPEN

1
org.springframework : spring-web : 5.3.7

9

4
5.3.135.3.141
com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12
14.
62.12.6 Statustitle
1

OPEN

2
1io.undertow : undertow-core : 2.2.
8
17.Final

5

5

2.
2
3.
14
0.Final
2.2.14.Final


OPEN

1org.springframework : spring-
webmvc
web : 5.3.
7
206
5
.
3
0.
14

dcaegen2-services-bbs-event-processor

2

OPEN

2org.eclipse.jetty : jetty-server : 9.4.41.v2021051611.0.12

Status

Priority

Component name and version

CVE

Threat level

Recommended version

Project’s assessment


dcaegen2-services-mapper

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

assessment (Target for J)

 assessment

OPEN

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
210
32.
12
14.
62.12.6org.apache.logging.log4j: log4j-core:2.16.02.17.1 Statustitle
1

OPEN

1com.thoughtworks.xstream : xstream : 1.4.191.4.19

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.92.8.9
org.postgresql : postgresql : 42.3.642.5.1

OPEN

2io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE1.1.0

OPEN

1xstream : 1.4.16

8

1.4.181.4.18 Statustitle


OPEN

2
 
xerces : xercesImpl : 2.12.
15???Already on latest; no non-vulnerable version available
22.12.2

dcaegen2-services-pm-mapper

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Statustitle

Project’s

assessment (Target for J)

 assessment

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.92.8.9

OPEN

2

io.undertow : undertow-core : 2.2.
9
17.Final
5

4

4

2.
2.14.Final

2.2.14.Final

2.2.16.
3.0.Final


dcaegen2-services-prh

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

assessment (Target for J)

 assessment

OPEN

1org.apache.commons : commons-text : 1.61.10.0
Statustitle


OPEN

1org.apache.tomcat.embed : tomcat-embed-
websocket
core : 9.0.
487Either 10.1.0-M8 or  9.0.56  Statustitle
6510.1.
0M7
2

OPEN

1org.springframework : spring-web : 5.3.
8

9

4

5.3.13 RELEASE

5.3.14
226.0.2

dcaegen2-services-sdk

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

Statustitle

OPEN

1
ch
com.
qos
google.
logback
protobuf :
logback
protobuf-
core
java :
1.
3.
0-alpha081.2.101.2.10

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.92.8.9org.springframework : spring-webflux : 5.3.165.3.14

...

21.14.0.0-rc-2

dcaegen2-services-slice-analysis-ms

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

OPEN

1ch.qos.logback : logback-core : 1.3.0-alpha01.4.5

OPEN

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12.62.12.6 Statustitle
14.1

OPEN

1
ch
org.apache.
qos
tomcat.
logback
embed :
logback
tomcat-embed-core :
1
9.
3
0.
0-alpha081.2.10
6510.1.2
.10
Statustitle


OPEN

1org.
springframework
postgresql :
spring-web
postgresql :
5
42.3.
7.RELEASE
642.5.1

OPEN

1

9

4

5.3.13 RELEASE

5.3.14
org.springframework : spring-
webmvc
web : 5.3.
7
206
5
.
3
0.
14
2
Statustitle


OPEN

1
2org.
apache
eclipse.
tomcat.embed
jetty :
tomcat
jetty-
embed-core
server : 9.
0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8
4.41.v2021051611.0.12

dcaegen2-services-

...

son-

...

handler

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

OPEN

1ch.qos.logback : logback-core : 1.3.0-alpha01.4.5

OPEN

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12
14.
62.12.6 Statustitle
1

OPEN

1
ch
org.apache.
qos
tomcat.
logback
embed :
logback
tomcat-embed-core :
1
9.
3
0.
0-alpha0
6510.
81.2.10
1.2
.10
Statustitle


OPEN

1org.
springframework
postgresql :
spring-web
postgresql :
5
42.3.
7.RELEASE

9

4

5.3.13 RELEASE

642.5.1

OPEN

1
5.3.14
org.springframework : spring-
webmvc
web : 5.3.
7
206
5
.
3.14 Statustitle
0.2

OPEN

2
org
io.
apache
projectreactor.
tomcat.embed
netty :
tomcat
reactor-
embed-core
netty : 0.9.
0
12.
46
RELEASE

6

10.
1
.0-M79.0.50 or 10
.1.0
-M8

dcaegen2-platform-mod2-helmgenerator

...

Status

...

Priority

...

Component name and version

...

Threat level

...

Recommended version

...

Project’s assessment (Target for J)



OPEN

2org.eclipse.jetty : jetty-server : 9.4.40.v2021041311.0.12

The following had no violations (or no direct violations):

  • dcaegen2-deployments
  • dcaegen2-platform-adapter-acumos
  • dcaegen2-platform-mod-designtool
  • dcaegen2-platform-mod-distributorapi
  • dcaegen2-platform-mod-onboardingapi
  • dcaegen2-platform-mod2-catalog-service
  • dcaegen2-platform-mod2-auth-service
  • dcaegen2-platform-mod2-ui
  • dcaegen2-services-heartbeat
  • dcaegen2-utils
  • dcaegen2

...

com.fasterxml.jackson.core : jackson-databind : 2.10.3

...

com.squareup.okhttp3 : okhttp : 4.0.1

...

dcaegen2-platform-ves-openapi-manager

...

Status

...

Priority

...

Component name and version

...

Threat level

...

Recommended version

...

Project’s assessment (Target for J)

...

com.fasterxml.jackson.core : jackson-databind : 2.9.4

...