Page History

...

Repository	Group	Impact Analysis	Action
ccsdk/apps	ch.qos.logback	Need to upgrade version to 1.2.0	Plan to upgrade version to 1.2.0, where feasible
ccsdk/apps, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	ch.qos.logback	Need to upgrade version to 1.2.0	Plan to upgrade version to 1.2.0, where feasible
ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/parent	com.fasterxml.jackson.core	Fixed in version 2.8.6	Plan to upgrade to version >= 2.8.6
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/features	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/sli/northbound	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/parent	com.fasterxml.jackson.core	Fixed in version 2.8.8.1	Plan to upgrade to version >= 2.8.8.1
ccsdk/apps, ccsdk/distribution, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.fasterxml.jackson.dataformat	Need to upgrade to version 2.7.4 or higher	Plan to upgrade to version >= 2.7.8
ccsdk/distribution	com.fasterxml.jackson.dataformat	Need to upgrade to version 2.7.8 or higher	Plan to upgrade to version >= 2.7.8
ccsdk/distribution	com.flozano.sendgrid	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/sli/northbound	com.google.guava	Need to upgrade to version 23.6.1 or greater	Plan to upgrade to version 23.6.1 or higher
ccsdk/apps	com.google.guava	Need to upgrade to version 23.6.1 or greater	Plan to upgrade to version 23.6.1 or higher
ccsdk/distribution	com.google.guava	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.google.guava	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.h2database	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.h2database	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	com.h2database	No non-vulnerable version exists	Need to find replacement
ccsdk/apps	com.h2database	No non-vulnerable version exists	Need to find replacement
ccsdk/distribution	com.jcraft	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/sli/adaptors	com.sun.mail	Need to upgrade to version 1.5.3 or greater	Plan to upgrade to version >= 1.5.3
ccsdk/distribution	commons-beanutils	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-beanutils	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-codec	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/sli/plugins	commons-collections	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-collections	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins	dom4j	Need to upgrade to version 2.1.1 or higher	Need to upgrade to version 2.1.1 or higher
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features	javax.mail	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	javax.mail	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/sli/adaptors	javax.mail	Inherited from OpenDaylight	Must be updated to 1.4.5 to be consistent with ODL
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.activemq	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.activemq	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.faces.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hbase	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	org.apahe.httpcomponents	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/plugins	org.apache.karaf.jaas	Need to upgrade to version 4.5.3 or higher	Plan to upgrade to version >= 4.5.3
ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/pliugins	org.apache.karaf.jaas	Need to upgrade to version 4.3.6 or higher	Plan to upgrade to version >= 4.5.3
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.myfaces.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.shiro	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.shiro	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.28 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.23 or later	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.28 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version > 8.5.16	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/distribution	org.apache.zookeeper	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.zookeeper	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.codehaus.jackson	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.codehaus.jackson	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.dom4j	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty.aggregate	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty.aggregate	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.hibernate	Need to upgrade to version 5.3.6.Final or later	Plan to upgrade to version >= 5.3.6.Final
ccsdk/distribution	org.infinispan	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.infinispan	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jgroups	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.liquibase	False positive? CVE refers to jQuery, not liquibase.	Unknown - inadequate information in tool
ccsdk/apps	org.liquibase	False positive? CVE refers to bootstrap, not liquibase	Unknown - inadequate information in tool
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.web	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.postgresql	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/distribution, ccsdk/features	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/distribution, ccsdk/features	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework.boot	Need to upgrade to version 1.5.10 or highrer	Plan to upgrade to version >= 1.5.10
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.10 or higher	Plan to upgrade version >= 1.3.12
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.11 or higher	Plan to upgrade version >= 1.3.12
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.12 or higher	Plan to upgrade version >= 1.3.12
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	N/A	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight

Sample of CLM Report

Security-Vulnerability Thread Image Removed

Space shortcuts

Page tree

Versions Compared

Old Version 1

New Version 2

Key