Repository | Group | Impact Analysis | Action |
logging-analytics pomba-aai-context-builder pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdc-context-builder pomba-sdnc-context-builder | com.fasterxml.jackson.core | - false positive - we don't use this part of the library
- still no version of jackson is safe
- jackson-databind is pulled in by:
  - For network-discovery-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile
  - For aai-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile
  - For context-aggregator: org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:jar:1.1.5:compile
| - tracking this issue with the following JIRA
LOG-826 - Logging/POMBA CLM: fix/address/red-flag jackson-databind-2.8.11.3 SEC Open |
logging-analytics | com.fasterxml.jackson.core | - false positive - we don't use this part of the library
- Still no version of jackson is safe
- Also, the implementing library is a non-deployed demo library, with no use in any deployed docker image right now
| - tracking this issue with the following JIRA
LOG-1060
|
pomba-audit-common | com.fasterxml.jackson.core | - false positive - we don't use this part of the library
- as no version of jackson is safe
| - tracking this issue with the following JIRA
LOG-1061
|
logging-analytics | org.glassfish.hk2.external | - false positive - we don't use this part of the library
- Also, the implementing library is a non-deployed demo library, with no use in any deployed docker image right now
| No action |
pomba-sdnc-context-builder pomba-sdnc-context-builder | handlebars | - Need to upgrade to 4.0.0 or above
| LOG-827 - Logging/POMBA CLM: fix/address/red-flag handlebars-2.0.0.js SEC - upgrade to 4.0.0+ Open |
pomba-network-discovery-context-builder pomba-sdnc-context-builder | stipsan/uikit (swagger) | - Don't see it in the report, will close LOG-828
| Will close LOG-828
LOG-828
|
pomba-sdnc-context-builder | logback-classic | - Don't see it in the report, will close LOG-846
| Will close LOG-846
LOG-846
|
pomba-sdnc-context-builder | struts-core | - DMaaP usage related
- no version of struts-core is safe
| - tracking this issue with the following JIRA
LOG-1062
|
pomba-sdnc-context-builder | struts-taglib | | No action |
pomba-sdnc-context-builder | org.codehaus.plexus | - DMaaP usage related
- should update to a newer version
| - tracking this issue with the following JIRA
LOG-1063
|
pomba-sdnc-context-builder | dom4j | - False positive; pulled in by Spring Boot as an indirect dependency
| No action |
pomba-sdnc-context-builder | commons-beanutils | - no version of commons-beanutils is safe
| - tracking this issue with the following JIRA
LOG-1064
|
pomba-sdnc-context-builder | org.apache.ant | | No action |
pomba-sdnc-context-builder | org.jsoup | | No action |
logging-analytics pomba-aai-context-builder pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdc-context-builder pomba-sdnc-context-builder | org.apache.tomcat.embed | - Upgrade to version 8.5.42 - upgrade planned for El Alto
| - tracking this issue with the following JIRA
LOG-1066
|
logging-analytics pomba-sdc-context-builder pomba-sdnc-context-builder | commons-codec | - No version has policy threat below 6 at the moment
| - tracking this issue with the following JIRA
LOG-1067
|
pomba-aai-context-builder pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdc-context-builder pomba-sdnc-context-builder | org.eclipse.jetty | - Upgrade to version 9.4.13.v20181111 - upgrade planned for El Alto
| - tracking this issue with the following JIRA
LOG-1068
|
pomba-aai-context-builder pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdc-context-builder pomba-sdnc-context-builder | org.eclipse.jetty | 9.4.13.v20181111 - upgrade planned for El Alto | - tracking this issue with the following JIRA
LOG-1069
|
pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdnc-context-builder | ch.qos.logback | - Upgrade to version 1.2.3 - upgrade planned for El Alto
| - tracking this issue with the following JIRA
LOG-1070
|
pomba-sdnc-context-builder | org.apache.camel | - Upgrade to version 2.23.1 - upgrade planned for El Alto
| - tracking this issue with the following JIRA
LOG-1071
|