logging-analytics
pomba-aai-context-builder
pomba-context-aggregator
pomba-network-discovery-context-builder
pomba-sdc-context-builder
- false positive - we don't use this part of the library
- still no version of jackson is safe
- jackson-databind is pulled in by:
For network-discovery-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile
For aai-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile
For context-aggregator: org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:jar:1.1.5:compile
- tracking this issue with the following JIRA
LOG-826 - Logging/POMBA CLM: fix/address/red-flag jackson-databind-2.8.11.3 SEC Open
- false positive - we don't use this part of the library
- Still no version of jackson is safe
- Also implementing library is a non-deployed demo library - with no use in any deployed docker image right now
- tracking this issue with the following JIRA
- false positive - we don't use this part of the library
- as no version of jackson is safe
- tracking this issue with following JIRA
- false positive - we don't use this part of the library
- Also implementing library is a non-deployed demo library - with no use in any deployed docker image right now
- Need to upgrade to or above 4.0.0
LOG-827 - Logging/POMBA CLM: fix/address/red-flag handlebars-2.0.0.js SEC - upgrade to 4.0.0+ Open
- Don't see it in the report, will close LOG-828
WIll close LOG-828
- Don't see it in the report, will close LOG-846
Will close LOG-846
- DMaaP usage related
- no version of struts-core is safe
- tracking this issue with the following JIRA
- No issue
- DMaaP usage related
- should update to a newer version
- tracking this issue with the following JIRA
- False Positive; pulled in by Springboot, indirect dependency
- no version of commons-beanutils is safe
- tracking this issue with following JIRA
- No issue
- No issue
pomba-aai-context-builder
pomba-context-aggregator
pomba-network-discovery-context-builder
pomba-sdc-context-builder
pomba-sdnc-context-builder
- Upgrade to version 8.5.42- upgrade planned for El Alto
- tracking this issue with the following JIRA
pomba-sdc-context-builder
pomba-sdnc-context-builder
- No version has policy threat below 6 at the moment
- tracking this issue with the following JIRA
pomba-aai-context-builder
pomba-context-aggregator
pomba-network-discovery-context-builder
pomba-sdc-context-builder
pomba-sdnc-context-builder
- Upgrade to version 9.4.13.v20181111 - upgrade planned for El Alto
- tracking this issue with the following JIRA
pomba-aai-context-builder
pomba-context-aggregator
pomba-network-discovery-context-builder
pomba-sdc-context-builder
pomba-sdnc-context-builder
- Upgrade to version
- tracking this issue with the following JIRA
pomba-network-discovery-context-builder
pomba-sdnc-context-builder
- Upgrade to version 1.2.3 - upgrade planned for El Alto
- tracking this issue with the following JIRA
- Upgrade to version 2.23.1 - upgrade planned for El Alto
- tracking this issue with the following JIRA