NOTE: This page is copy of /wiki/spaces/SV/pages/16093480 report created by SECCOM (excluded CVE info); any update should be done on parent page.

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

Status

title	OPEN

2

undertow-core : 2.2.7.Final

5

2.2.14

2.2.14.Final

dcaegen2-collectors-datafile

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

spring-web : 5.3.6

9

7

4

5.3.13

5.3.13 or 5.3.14

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

dcaegen2-collectors-hv-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

dcaegen2-collectors-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

Status

title	OPEN

2

io.netty : netty-codec-http : 4.1.59.Final

5

4.1.70.Final

4.1.73.Final

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???

Already on latest; no non-vulnerable version available

org.apache.logging.log4j: log4j-core:2.16.0

2.17.1

dcaegen2-platform-mod-genprocessor

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

2

nifi-utils : 1.9.2

5

retain current version due to dependency with upstream nifi version on designer module

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

POC components; not part of ONAP deployment

Status

title	OPEN

1

com.squareup.okhttp3 : okhttp : 4.0.1

7

4.9.3

POC components; not part of ONAP deployment

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.6

7

2.8.9

POC components; not part of ONAP deployment

Status

title	OPEN

1

com.squareup.okhttp3 : okhttp : 4.0.1

7

4.9.3

POC components; not part of ONAP deployment

Status

title	OPEN

1

io.springfox : springfox-swagger-ui : 2.9.2

9

6

3.0.0

POC components; not part of ONAP deployment

Status

title	OPEN

2

io.springfox : springfox-swagger2 : 2.9.2

5

3.0.0

POC components; not part of ONAP deployment

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7

9

4

5.3.13

5.3.14

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

2

io.undertow : undertow-core : 2.2.8.Final

5

2.2.14.Final

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

dcaegen2-services-bbs-event-processor

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

1

com.fasterxml.jackson.core : jackson-databind : 2.11.2

10

2.12.6

org.apache.logging.log4j: log4j-core:2.16.0

2.17.1

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

1

xstream : 1.4.16

8

1.4.18

Status

title	OPEN

2

xercesImpl : 2.12.1

5

???

Already on latest; no non-vulnerable version available

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

Status

title	OPEN

2

undertow-core : 2.2.9.Final

5

4

2.2.14.Final

~~2.2.14.Final~~

2.2.16.Final

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment (Target for J)

Status

title	OPEN

1

org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48

7

10.1.0M7

Either 10.1.0-M8 or 9.0.56

Status

title	OPEN

1

org.springframework : spring-web : 5.3.8

9

4

5.3.13 RELEASE

5.3.14

dcaegen2-services-sdk

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

com.google.code.gson : gson : 2.8.5

7

2.8.9

org.springframework : spring-webflux : 5.3.1

6

5.3.14

dcaegen2-services-son-handler

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE

5.3.14

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

Status

title	OPEN

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8

...

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

1

com.fasterxml.jackson.core : jackson-databind : 2.11.0

10

2.12.6

Status

title	OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

8

1.2.10

Status

title	OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE

5.3.14

org.springframework : spring-webmvc : 5.3.7

6

5.3.14

Status

title	OPEN

2

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7

9.0.50 or 10.1.0-M8

...

Status	Priority	Component name and version	Threat level	Recommended version	Project’s assessment (Target for J)
		com.fasterxml.jackson.core : jackson-databind : 2.10.3	10		2.12.6
		com.squareup.okhttp3 : okhttp : 4.0.1	5		4.9.3
		commons-io : commons-io : 2.4			2.11.0

dcaegen2-platform-ves-openapi-manager

Status	Priority	Component name and version	Threat level	Recommended version	Project’s assessment (Target for J)
		com.fasterxml.jackson.core : jackson-databind : 2.9.4	10		2.12.6

Versions Compared

Old Version 1

New Version 2

Key

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-services-bbs-event-processor

dcaegen2-services-sdk

dcaegen2-services-son-handler

dcaegen2-platform-ves-openapi-manager

Page Comparison

Versions Compared

Old Version 1

New Version 2

Key

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-services-bbs-event-processor

dcaegen2-services-sdk

dcaegen2-services-son-handler

dcaegen2-platform-ves-openapi-manager