NOTE: This page is copy of /wiki/spaces/SV/pages/16093480 report created by SECCOM (excluded CVE info); any update should be done on parent page.

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

Status

title	OPEN

2

undertow-core : 2.2.7.Final

5

2.2.14

2.2.14.Final

dcaegen2-collectors-datafile

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

spring-web : 5.3.6

9

7

4

5.3.13

5.3.13 or 5.3.14

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

dcaegen2-collectors-hv-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

dcaegen2-collectors-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

Status

title	OPEN

2

io.netty : netty-codec-http : 4.1.59.Final

5

4.1.70.Final

4.1.73.Final

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

org.apache.logging.log4j: log4j-core:2.16.0

2.17.1

dcaegen2-platform-mod-genprocessor

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

2

nifi-utils : 1.9.2

5

1.15.0

1.15.2

dcaegen2-platform-mod2-auth

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

POC components; not part of ONAP deployment

Status

title	OPEN

1

com.squareup.okhttp3 : okhttp : 4.0.1

7

4.9.3

POC components; not part of ONAP deployment

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

POC components; not part of ONAP deployment

Status

title	OPEN

1

com.squareup.okhttp3 : okhttp : 4.0.1

7

4.9.3

POC components; not part of ONAP deployment

Status

title	OPEN

1

io.springfox : springfox-swagger-ui : 2.9.2

9

6

3.0.0

POC components; not part of ONAP deployment

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 2.9.2

5

3.0.0

POC components; not part of ONAP deployment

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7

9

4

5.3.13

5.3.14

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

2

io.undertow : undertow-core : 2.2.8.Final

5

2.2.14.Final

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

dcaegen2-services-bbs-event-processor

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

1

com.fasterxml.jackson.core : jackson-databind : 2.11.2

10

2.12.6

org.apache.logging.log4j: log4j-core:2.16.0

2.17.1

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

1

xstream : 1.4.16

8

1.4.18

Status

title	OPEN

2

xercesImpl : 2.12.1

5

???

Already on latest; no non-vulnerable version available

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

2

undertow-core : 2.2.9.Final

5

4

2.2.14.Final

~~2.2.14.Final~~

2.2.16.Final

dcaegen2-services-prh

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48

7

10.1.0M7

Either 10.1.0-M8 or 9.0.56

Status

title	OPEN

1

org.springframework : spring-web : 5.3.8

9

4

5.3.13 RELEASE

5.3.14

dcaegen2-services-sdk

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

org.springframework : spring-webflux : 5.3.1

6

5.3.14

dcaegen2-services-son-handler

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE

5.3.14

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

Status

title	OPEN

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE

5.3.14

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

Status

title	OPEN

2

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8

...

Status	Priority	Component name and version	Threat level	Recommended version	Project’s assessment (Target for J)
		com.fasterxml.jackson.core : jackson-databind : 2.10.3	10		2.12.6
		com.squareup.okhttp3 : okhttp : 4.0.1	5		4.9.3
		commons-io : commons-io : 2.4			2.11.0

dcaegen2-platform-ves-openapi-manager

Status	Priority	Component name and version	Threat level	Recommended version	Project’s assessment (Target for J)
		com.fasterxml.jackson.core : jackson-databind : 2.9.4	10		2.12.6

Versions Compared

Old Version 5

New Version 6

Key

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-platform-mod2-auth

dcaegen2-services-bbs-event-processor

dcaegen2-services-prh

dcaegen2-services-sdk

dcaegen2-services-son-handler

dcaegen2-platform-ves-openapi-manager

Page Comparison

Versions Compared

Old Version 5

New Version 6

Key

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-platform-mod2-auth

dcaegen2-services-bbs-event-processor

dcaegen2-services-prh

dcaegen2-services-sdk

dcaegen2-services-son-handler

dcaegen2-platform-ves-openapi-manager