Repository | Group | Impact Analysis | Action |
---|---|---|---|
so/libs | com.fasterxml.jackson.core | False positive Jackson: can be an issue if we leave on default typing
| No Action. All of the existing jackson databind have vulnerabilities issues. |
SO | org.eclipse.jetty | Pulled in by Springboot 1.5.13-RELEASE Note: We don't use jetty, but it is impractical to exclude | Planning for a spring boot upgrade to 2.0 in Dublin. |
com.fasterxml.jackson.core | False positive Jackson: can be an issue if we leave on default typing
| No Action All of the existing jackson databind have vulnerabilities issues. | |
ch.qos.logback | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.slf4j | Pulled in by Springboot 1.5.13-RELEASE and also specified by SO | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.apache.tomcat.embed | Pulled in by Springboot 1.5.13-RELEASE Note: Tomcat CORS is turned off in our application Not really an issue since the feature is turned off. | No Action. Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.apache.commons | Pulled in by Camunda 7.8.0 We aren't using any email features in BPMN. | No Action for Casablanca. File for exception in Casablanca, Upgrade Camunda to 1.9.0 in Dublin | |
org.slf4j-ext | pulled from org.springframework.boot:spring-boot-starter-logging:jar:1.5.13.RELEASE not specified in SO code | ||
jetty-http | no dependency found | ||
logback-classic | pulled from org.springframework.boot:spring-boot-starter-web:jar:1.5.13.RELEASE no direct dependency. | ||
Jquery 1.10.2 | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.springframework.data | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.springframework | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
com.h2database | This is used for testing purpose only, no feature impact in production; no vulnerable free version yet | No Action for Casablanca | |
commons-fileupload | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.googlecode.libphonenumber | We don't use libphonenumber, but it is impractical to exclude | No Action for Casablanca | |
org.springframework | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
javax.mail | We don't use javax.mail, but it is impractical to exclude | No Action for Casablanca |
Page Comparison
General
Content
Integrations