...
NOTE: This page is copy of Jakarta London DCAEreport created by SECCOM under DCAEGEN2-3318 (excluded CVE info); any update should be done on parent page.
...
When the status of all direct dependency replacements is
Status | ||||
---|---|---|---|---|
|
Status | ||||
---|---|---|---|---|
|
dcaegen2-analytics-tca-gen2
Status | Priority | Component name and version | Recommended version | Threat level | Recommended versionProject’s assessment | (Target for J)||||||||
COMPLETE | |||||||||||||
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | |||||
COMPLETE | 1 | io.undertow : |
| 2 | undertow-core : 2.2. | 717.Final | 2. | 2.142.2.143.0.Final |
dcaegen2-collectors-datafile
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||||||
COMPLETE | |||||||||
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | spring-web : 5.3.6 | 9 7 4 | 5.3.13 | 5.3.13 or 5.3.14 | ||||
Status | title | OPEN2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available |
---|
...
3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-
...
datafile
Status | Priority | Component name and version | Recommended version | Threat level | Recommended versionProject’s | assessment (Target for J)|||||||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | |||||||||
| 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | 2.8.9 | |||||||||
assessment | ||||||||||||||
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | |||||||||||
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | This is transient dependency from spring-boot; upgraded to tomcat 9.0.65 which is default in the spring-boot 2.7.2. Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | ||||||||||
COMPLETE | 1 | org.springframework : spring-web : 5.3.22 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. | ||||||||||
| 2 | io.springfox : springfox- | swagger2swagger-ui : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | 3.0.0 | SECCOM: 3.0. is the latest version | ||||||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6
dcaegen2-collectors-hv-ves
Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment | (Target for J)|||
| 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | 2.8.9 | ||||
No vulnerable components |
onap-dcaegen2-collectors-
...
restconf
Status | Priority | Component name and version | Recommended version | Threat level | Recommended versionProject’s assessment | (Target for J)|||||||||||||||
COMPLETE |
| 1 | com. | googlefasterxml. | codejackson. | gsoncore : | gsonjackson-databind : 2. | 813. | 673 | 2. | 8.92.8.9 | |||||||||
Status | title | OPEN14.1 | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
COMPLETE | 1 | org.codehaus.jettison : jettison : 1.3.7 | 1.5.2 | |||||||||||||||||
COMPLETE | 2 | io. | nettyspringfox : | nettyspringfox- | codecswagger- | httpui : | 42. | 1.5910. | Final5 | 43. | 10. | 70.Final4.1.73.Final | 0 | |||||||
COMPLETE |
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | org.apache.logging.log4j: log4j-core:2.16.0 | 2.17.1 |
...
3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-ves
Status | Priority | Component name and version | Recommended version | Threat level | Recommended version | Project’s | assessment (Target for J)1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 |
| 2 | nifi-utils : 1.9.2 | 5 | retain current version due to dependency with upstream nifi version on designer moduleassessment | ||||
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | ||||||||||||||||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-platform-
...
mod-
...
genprocessor
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment |
|
| 1 | com. |
fasterxml. |
jackson. |
core : |
jackson-databind : 2. |
11. |
0 | 2. |
14. |
1 | The component will be retired in London release, hence no upgrade is needed. | ||||
|
| 1 |
org. |
apache. |
commons : |
commons-text : 1.7 | 1.10.0 | ||||||||
| 2 | org.apache.nifi : nifi-utils : 1.9.2 | 1.19.0 |
dcaegen2-platform-
...
mod-
...
runtimeapi
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment |
|
| 1 |
com.google.code.gson : gson : 2.8.6
org.yaml : snakeyaml : 1.26 | 1.33 | The component will be retired in London release, hence no upgrade is needed. | |||||
| 2 |
Status | ||
---|---|---|
|
POC components; not part of ONAP deployment
Status | ||
---|---|---|
|
io.springfox : springfox-swagger-ui : |
3. |
9
6
6
0.0 | 3.0.0 |
Status | ||
---|---|---|
|
...
dcaegen2-platform-mod2-helm-generator
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.10.3 | 2.14.1 | The component will be retired in London release, hence no upgrade is needed. |
dcaegen2-platform-ves-openapi-manager
Status | Priority | Component name and version |
Recommended version | Threat level |
Recommended version
Project’s |
...
assessment | |||||
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
dcaegen2-services-kpi-computation-ms
Status | Priority | Component name and version | Recommended version | Threat level |
Status | ||
---|---|---|
|
Project’s assessment |
COMPLETE |
1 | ch.qos.logback : logback-core : 1.3.0-alpha0 |
Status | ||
---|---|---|
|
9
4
1. |
4.5 | ||
COMPLETE |
1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14. |
Status | ||
---|---|---|
|
1 | ||
COMPLETE | 1 |
io.undertow : undertow-core : 2.2. |
17.Final |
5
52. |
3. |
0.Final |
COMPLETE | 1 | org.springframework : spring- |
web : 5.3. |
20 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. |
dcaegen2-services-bbs-event-processor
...
Status
...
Priority
...
Component name and version
...
CVE
...
Threat level
...
Recommended version
...
Project’s assessment
COMPLETE | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
dcaegen2-services-mapper
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s |
assessment | ||
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 | 2. |
14. |
Status | ||
---|---|---|
|
1
com.google.code.gson : gson : 2.8.5
Status | ||
---|---|---|
|
8
Status | ||
---|---|---|
|
2
1 | |||||
COMPLETE | 1 | com.thoughtworks.xstream : xstream : 1.4.19 | 1.4.19 | ||
COMPLETE | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 | ||
COMPLETE | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 | ||
COMPLETE | 2 | xerces : |
xercesImpl : 2.12. |
2 | 2.12.2 |
dcaegen2-services-pm-mapper
Status | Priority | Component name and version | Recommended version | Threat level |
Recommended version
Project’s assessment |
COMPLETE |
1 |
com.google.code.gson : gson : 2.8.5
Status | ||
---|---|---|
|
2
io.undertow : undertow-core : 2.2. |
5
4
4
17.Final | 2. |
3.0.Final |
dcaegen2-services-prh
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s |
assessment | |||||
COMPLETE | 1 | org.apache.commons : commons-text : 1.6 | 1.10.0 | ||
COMPLETE |
1 | org.apache.tomcat.embed : tomcat-embed- |
core : 9.0. |
65 | 10.1. |
2 | Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |
COMPLETE |
1 | org.springframework : spring-web : 5.3. |
9
4
5.3.13 RELEASE
22 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. |
dcaegen2-services-sdk
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment |
COMPLETE |
1 |
com. |
google. |
protobuf : |
protobuf- |
java : |
3. |
Status | ||
---|---|---|
|
1
com.google.code.gson : gson : 2.8.5
21.1 | 4.0.0-rc-2 |
dcaegen2-services-slice-
...
analysis-
...
ms
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment | |||||
COMPLETE | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14. |
Status | ||
---|---|---|
|
1
ch.qos.logback : logback-core : 1.3.0-alpha0
1 | |||||
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |
COMPLETE | 1 | org. |
postgresql : |
postgresql : |
42.3. |
6 | 42.5.1 | ||
COMPLETE | 1 |
9
4
5.3.13 RELEASE
org.springframework : spring- |
web : 5.3. |
20 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. |
COMPLETE |
2 |
1
org. |
eclipse. |
jetty : |
jetty- |
server : 9. |
6
10.1.0-M7
4.41.v20210516 | 11.0.12 |
dcaegen2-services-
...
son-
...
handler
Status | Priority | Component name and version | Recommended version | Threat level |
Project’s assessment | |||||
COMPLETE | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2. |
13. |
3 |
2. |
14. |
Status | ||
---|---|---|
|
1
ch.qos.logback : logback-core : 1.3.0-alpha0
1 | |||||
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |
COMPLETE | 1 | org. |
postgresql : |
postgresql : |
42.3. |
9
4
5.3.13 RELEASE
6 | 42.5.1 | ||
COMPLETE | 1 |
org.springframework : spring- |
web : 5.3. |
20 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. |
COMPLETE | 2 |
io. |
projectreactor. |
netty : |
reactor- |
netty : 0.9. |
12. |
RELEASE |
1 |
.1.0 |
dcaegen2-platform-mod2-helmgenerator
...
Status
...
Priority
...
Component name and version
...
Threat level
...
Recommended version
...
Project’s assessment (Target for J)
COMPLETE | 2 | org.eclipse.jetty : jetty-server : 9.4.40.v20210413 | 11.0.12 |
The following had no violations (or no direct violations):
- dcaegen2-deployments
- dcaegen2-platform-adapter-acumos
- dcaegen2-platform-mod-designtool
- dcaegen2-platform-mod-distributorapi
- dcaegen2-platform-mod-onboardingapi
dcaegen2-platform-mod2-catalog-service
dcaegen2-platform-mod2-auth-service
- dcaegen2-platform-mod2-ui
- dcaegen2-services-heartbeat
- dcaegen2-utils
- dcaegen2
...
com.fasterxml.jackson.core : jackson-databind : 2.10.3
...
com.squareup.okhttp3 : okhttp : 4.0.1
...
dcaegen2-platform-ves-openapi-manager
...
Status
...
Priority
...
Component name and version
...
Threat level
...
Recommended version
...
Project’s assessment (Target for J)
...
com.fasterxml.jackson.core : jackson-databind : 2.9.4
...