Versions Compared

Old Version 1

changes.mady.by.user Vijay Kumar

Saved on

compared with

New Version 2

changes.mady.by.user Vijay Kumar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


NOTE: This page is copy of /wiki/spaces/SV/pages/16093480 report created by SECCOM (excluded CVE info); any update should be done on parent page.


The tables contain the recommended package version upgrades for outdated direct dependencies with Critical or Severe vulnerabilities identified by NexusIQ. These packages must be upgraded by M2/M3 or a request for a waiver must be requested from SECCOM and the TSC.

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???


Status
titleOPEN

2

undertow-core : 2.2.7.Final

5

5

2.2.14


dcaegen2-collectors-datafile

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

spring-web : 5.3.6

9

7

4

5.3.13

Status
titleOPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

Status
titleOPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

dcaegen2-collectors-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

Status
titleOPEN

2io.netty : netty-codec-http : 4.1.59.Final54.1.70.Final

Status
titleOPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

2

nifi-utils : 1.9.2

51.15.0

dcaegen2-platform-mod2-auth

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

Status
titleOPEN

1com.squareup.okhttp3 : okhttp : 4.0.174.9.3

dcaegen2-platform-mod2-catalog

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

Status
titleOPEN

1com.squareup.okhttp3 : okhttp : 4.0.174.9.3


Status
titleOPEN

1

io.springfox : springfox-swagger-ui : 2.9.2

9

6

6

3.0.0

Status
titleOPEN

2io.springfox : springfox-swagger2 : 2.9.253.0.0

dcaegen2-platform-mod-runtimeapi

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

Status
titleOPEN

1org.springframework : spring-web : 5.3.7

9

4

5.3.13

Status
titleOPEN

2io.undertow : undertow-core : 2.2.8.Final

5

5

2.2.14.Final

dcaegen2-services-bbs-event-processor

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

Status
titleOPEN

1xstream : 1.4.16

8

1.4.18

Status
titleOPEN

2

 xercesImpl : 2.12.15???

dcaegen2-services-pm-mapper

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

Status
titleOPEN

2

undertow-core : 2.2.9.Final

5

4

4

2.2.14.Final


...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48

7

10.1.0M7


Status
titleOPEN

1

org.springframework : spring-web : 5.3.8.RELEASE

9

4

5.3.13 RELEASE


...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

Status
titleOPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

dcaegen2-services-son-handler

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status
titleOPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

Status
titleOPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE


Status
titleOPEN

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7


...