NOTE: This page is a copy of the London DCAE report created by SECCOM under DCAEGEN2-3318 (CVE info excluded); any update should be made on the parent page.
The tables contain the recommended package version upgrades for outdated direct dependencies with Critical or Severe vulnerabilities identified by NexusIQ. These packages must be upgraded by M2/M3, or a waiver must be requested from SECCOM and the TSC.
When the upgrade of the package is complete change the status in the table to .
If a waiver is granted, change the status to .
When the status of all direct dependency replacements is or , the Jira ticket should be closed.
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
COMPLETE | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final | ||
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
IN PROGRESS | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
IN PROGRESS | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | This is a transient dependency from spring-boot; upgraded to tomcat 9.0.65, which is the default in spring-boot 2.7.2 | |
IN PROGRESS | 1 | org.springframework : spring-web : 5.3.22 | 6.0.2 | ||
2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
No vulnerable components |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
COMPLETE | 1 | org.codehaus.jettison : jettison : 1.3.7 | 1.5.2 | ||
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | |
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 2.14.1 | ||
OPEN | 1 | org.apache.commons : commons-text : 1.7 | 1.10.0 | ||
OPEN | 2 | org.apache.nifi : nifi-utils : 1.9.2 | 1.19.0 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | org.yaml : snakeyaml : 1.26 | 1.33 | ||
2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.10.3 | 2.14.1 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
IN PROGRESS | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
OPEN | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final | ||
OPEN | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 | ||
OPEN | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
COMPLETE | 1 | com.thoughtworks.xstream : xstream : 1.4.19 | 1.4.19 | ||
COMPLETE | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 | ||
COMPLETE | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 | ||
COMPLETE | 2 | xerces : xercesImpl : 2.12.2 | 2.12.2 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
IN PROGRESS | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | org.apache.commons : commons-text : 1.6 | 1.10.0 | ||
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | ||
OPEN | 1 | org.springframework : spring-web : 5.3.22 | 6.0.2 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | com.google.protobuf : protobuf-java : 3.21.1 | 4.0.0-rc-2 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | ||
OPEN | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 | ||
OPEN | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 | ||
OPEN | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 | ||
OPEN | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 | ||
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | ||
OPEN | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 | ||
OPEN | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 | ||
OPEN | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 | ||
OPEN | 2 | org.eclipse.jetty : jetty-server : 9.4.40.v20210413 | 11.0.12 |
dcaegen2-platform-mod2-catalog-service
dcaegen2-platform-mod2-auth-service