...

NOTE: This page is a copy of the Jakarta London DCAE report created by SECCOM under DCAEGEN2-3318 (CVE info excluded); any update should be done on the parent page.

...

When the status of all direct dependency replacements is Complete or Waiver, the Jira ticket should be closed.

dcaegen2-analytics-tca-gen2

Recommended version (Target for J)status7

5

52.142.2.14

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

COMPLETE

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

1

com.fasterxml.jackson.core : jackson-databind : 2.13.3

2.14.1

COMPLETE

1io.undertow :

Status
titleOPEN

2

undertow-core : 2.2.17.Final2.3.0.Final

dcaegen2-collectors-datafile

OPEN


COMPLETE

2

io.springfox : springfox-swagger-ui : 2.10.5

3.0.0

COMPLETE

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

OPEN

1

spring-web : 5.3.6

9

7

4

5.3.13

5.3.13 or 5.3.14
Status
title

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

...

3.0.0
SECCOM: 3.0. is the latest version

dcaegen2-collectors-

...

datafile

Recommended version assessment (Target for J)swagger2 2.12.6

Status

Priority

Component name and version

Recommended version

Threat level

Project’s

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

1.2.10

OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

2.8.9

 assessment

COMPLETE

1

com.fasterxml.jackson.core : jackson-databind : 2.13.3

2.14.1


COMPLETE

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.65

10.1.2

This is a transitive dependency from spring-boot; upgraded to tomcat 9.0.65, which is the default in spring-boot 2.7.2.

The recommended version requires Springboot-3 and Spring-6, which in turn require Java-17. In the London release, this will be upgraded to version 9.0.72.

COMPLETE

1

org.springframework : spring-web : 5.3.22

6.0.2

The recommended version requires Java-17. In the London release, this will be upgraded to version 5.3.25.


COMPLETE

OPEN

2

io.springfox : springfox-swagger-ui : 3.0.0

5

???

Already on latest; no non-vulnerable version available

3.0.0
SECCOM: 3.0. is the latest version

COMPLETE

2

io.springfox : springfox-swagger2 : 3.0.0

3.0.0
SECCOM: 3.0. is the latest version

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

dcaegen2-collectors-hv-ves

(Target for J)

Status

Priority

Component name and version

CVE

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

2.8.9







No vulnerable components

onap-dcaegen2-collectors-

...

restconf

Recommended version (Target for J)googlecodegson gson 8678.9OPENnetty nettycodechttp 41.59Final4170.Final

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

COMPLETE

Status
titleOPEN

1com.fasterxml.jackson.core : jackson-databind : 2.13.32.2.8.9
Status
title14.1


COMPLETE

1

org.codehaus.jettison : jettison : 1.3.7

1.5.2


COMPLETE

2io.springfox : springfox-swagger-ui : 2.10.53.0.4.1.73.Final0


COMPLETE

Status
titleOPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

org.apache.logging.log4j : log4j-core : 2.16.0

2.17.1

...

3.0.0

SECCOM: 3.0. is the latest version

dcaegen2-collectors-ves

assessment (Target for J)retain current version due to dependency with upstream nifi version on designer module

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

2.12.6

OPEN

2

nifi-utils : 1.9.2

5

 assessment

COMPLETE

2

io.springfox : springfox-swagger-ui : 3.0.0

3.0.0
SECCOM: 3.0. is the latest version

COMPLETE

2

io.springfox : springfox-swagger2 : 3.0.0

3.0.0
SECCOM: 3.0. is the latest version

dcaegen2-platform-

...

mod-

...

genprocessor

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

 (Target for J)

Status
colourYellow
title

OPEN

Waiver

1com.
google
fasterxml.
code
jackson.
gson
core :
gson
jackson-databind : 2.
8
11.
67
02.
8
14.
9POC components; not part of ONAP deployment
1

The component will be retired in London release, hence no upgrade is needed.

Status
colourYellow
title

OPEN

Waiver

1
com
org.
squareup
apache.
okhttp3
commons :
okhttp : 4.0.1
commons-text : 1.71.10.0

Waiver

2

org.apache.nifi : nifi-utils : 1.9.2

1.19.0

7

4.9.3

POC components; not part of ONAP deployment

dcaegen2-platform-

...

mod-

...

runtimeapi

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

 (Target for J)

Status
colourYellow
title

OPEN

Waiver

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

POC components; not part of ONAP deployment

org.yaml : snakeyaml : 1.26

1.33

The component will be retired in London release, hence no upgrade is needed.


Waiver

2

OPEN

1

com.squareup.okhttp3 : okhttp : 4.0.1

7

4.9.3

POC components; not part of ONAP deployment

OPEN

1
io.springfox : springfox-swagger-ui :
2
3.
9.2

9

6

6

0.03.0.0
POC components; not part of ONAP deployment

OPEN

2

io.springfox : springfox-swagger2 : 2.9.2

5

3.0.0

POC components; not part of ONAP deployment

...


dcaegen2-platform-mod2-helm-generator

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

Waiver

1

com.fasterxml.jackson.core : jackson-databind : 2.10.3

2.14.1


The component will be retired in London release, hence no upgrade is needed.

dcaegen2-platform-ves-openapi-manager

Status

Priority

Component name and version

CVE

Recommended version

Threat level

Recommended version

Project’s

assessment  (Target for J)

...

 assessment

COMPLETE

1

com.fasterxml.jackson.core : jackson-databind : 2.13.3

2.14.1



dcaegen2-services-kpi-computation-ms

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

OPEN

Project’s assessment

 (Target for J)

COMPLETE

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

OPEN

1

org.springframework : spring-web : 5.3.7

9

4

5.3.13

5.3.14
1.
2.10
4.5

COMPLETE

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12
14.
62.12.6

OPEN

1

COMPLETE

1
2
io.undertow : undertow-core : 2.2.
8
17.Final

5

5
2.
2
3.
14
0.Final
2.2.14.Final


COMPLETE

1org.springframework : spring-
webmvc
web : 5.3.
7
206.0.2
The recommended version requires Java-17. In the London release, this will be upgraded to version 5.3.25.
14

dcaegen2-services-bbs-event-processor

...

Status

...

Priority

...

Component name and version

...

CVE

...

Threat level

...

Recommended version

...

Project’s assessment

COMPLETE

2

org.eclipse.jetty : jetty-server : 9.4.41.v20210516

11.0.12

dcaegen2-services-mapper

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

assessment (Target for J)

 assessment

COMPLETE

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
210
32.
12
14.
62.12.6org.apache.logging.log4j: log4j-core:2.16.02.17.1

OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

2.8.9

OPEN

1

xstream : 1.4.16

8

1.4.18

1.4.18

OPEN

2

1

COMPLETE

1

com.thoughtworks.xstream : xstream : 1.4.19

1.4.19

COMPLETE

1

org.postgresql : postgresql : 42.3.6

42.5.1

COMPLETE

2

io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE

1.1.0

COMPLETE

2xerces :
 
xercesImpl : 2.12.
15???Already on latest; no non-vulnerable version available
22.12.2

dcaegen2-services-pm-mapper

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

(Target for J)

COMPLETE

OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

2.8.9

OPEN

2

io.undertow : undertow-core : 2.2.
9.Final

5

4

4

2.2.14
17.Final2.
2.14.Final2.2.16.
3.0.Final


dcaegen2-services-prh

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s

assessment (Target for J)

 assessment

COMPLETE

1

org.apache.commons : commons-text : 1.6

1.10.0

COMPLETE

OPEN

1org.apache.tomcat.embed : tomcat-embed-
websocket
core : 9.0.
487
6510.1.
0M7
2

The recommended version requires Springboot-3 and Spring-6, which in turn require Java-17. In the London release, this will be upgraded to version 9.0.72.

COMPLETE

Either 10.1.0-M8 or 9.0.56

OPEN

1org.springframework : spring-web : 5.3.
8

9

4

5.3.13 RELEASE

5.3.14
226.0.2
The recommended version requires Java-17. In the London release, this will be upgraded to version 5.3.25.

dcaegen2-services-sdk

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

Statustitle

COMPLETE

OPEN
1
ch
com.
qos
google.
logback
protobuf :
logback
protobuf-
core
java :
1.
3.
0-alpha081.2.101.2.10

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.92.8.9org.springframework : spring-webflux : 5.3.165.3.14
21.14.0.0-rc-2

dcaegen2-services-slice-

...

analysis-

...

ms

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

COMPLETE

1

ch.qos.logback : logback-core : 1.3.0-alpha0

1.4.5

COMPLETE

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12
14.
62.12.6

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

1.2.10

OPEN

1

COMPLETE

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.65

10.1.2

The recommended version requires Springboot-3 and Spring-6, which in turn require Java-17. In the London release, this will be upgraded to version 9.0.72.

COMPLETE

1org.
springframework
postgresql :
spring-web
postgresql :
5
42.3.
7.RELEASE
642.5.1

COMPLETE

1

9

4

5.3.13 RELEASE

5.3.14
org.springframework : spring-
webmvc
web : 5.3.
7
206.0.2
The recommended version requires Java-17. In the London release, this will be upgraded to version 5.3.25.
14
status

COMPLETE

title
2
OPEN

1

org.
apache
eclipse.
tomcat.embed
jetty :
tomcat
jetty-
embed-core
server : 9.
0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8
4.41.v2021051611.0.12

dcaegen2-services-

...

son-

...

handler

Status

Priority

Component name and version

Recommended version

Threat level

Recommended version

Project’s assessment

COMPLETE

1

ch.qos.logback : logback-core : 1.3.0-alpha0

1.4.5

COMPLETE

1com.fasterxml.jackson.core : jackson-databind : 2.
11
13.
0
3
10
2.
12
14.
62.12.6

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

1.2.10

OPEN

1

COMPLETE

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.65

10.1.2

The recommended version requires Springboot-3 and Spring-6, which in turn require Java-17. In the London release, this will be upgraded to version 9.0.72.

COMPLETE

1org.
springframework
postgresql :
spring-web
postgresql :
5
42.3.
7.RELEASE

9

4

5.3.13 RELEASE

642.5.1

COMPLETE

1
5.3.14
org.springframework : spring-
webmvc
web : 5.3.
7
206.0.2
The recommended version requires Java-17. In the London release, this will be upgraded to version 5.3.25.
14
OPEN

COMPLETE

2
org
io.
apache
projectreactor.
tomcat.embed
netty :
tomcat
reactor-
embed-core
netty : 0.9.
0
12.
466
RELEASE
10.
1
.0-M79.0.50 or 10
.1.0
-M8

dcaegen2-platform-mod2-helmgenerator

...

Status

...

Priority

...

Component name and version

...

Threat level

...

Recommended version

...

Project’s assessment (Target for J)



COMPLETE

2

org.eclipse.jetty : jetty-server : 9.4.40.v20210413

11.0.12

The following had no violations (or no direct violations): 

  • dcaegen2-deployments
  • dcaegen2-platform-adapter-acumos
  • dcaegen2-platform-mod-designtool
  • dcaegen2-platform-mod-distributorapi 
  • dcaegen2-platform-mod-onboardingapi
  • dcaegen2-platform-mod2-catalog-service
  • dcaegen2-platform-mod2-auth-service
  • dcaegen2-platform-mod2-ui
  • dcaegen2-services-heartbeat
  • dcaegen2-utils
  • dcaegen2

...

com.fasterxml.jackson.core : jackson-databind : 2.10.3

...

com.squareup.okhttp3 : okhttp : 4.0.1

...

dcaegen2-platform-ves-openapi-manager

...

Status

...

Priority

...

Component name and version

...

Threat level

...

Recommended version

...

Project’s assessment (Target for J)

...

com.fasterxml.jackson.core : jackson-databind : 2.9.4

...