...

NOTE: This page is copy of /wiki/spaces/SV/pages/16094094 report created by SECCOM under DCAEGEN2-3318 (excluded CVE info); any update should be done on parent page.

...

When the status of all direct dependency replacements is

Status

colour	Green
title	Complete

or

Status

colour	Yellow
title	Waiver

, the Jira ticket should be closed.

dcaegen2-analytics-tca-gen2

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	io.undertow : undertow-core : 2.2.17.Final	2.3.0.Final
OPEN	2	io.springfox : springfox-swagger-ui : 2.10.5	3.0.0
COMPLETE	2	io.springfox : springfox-swagger2 : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version

dcaegen2-collectors-datafile

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	org.apache.tomcat.embed : tomcat-embed-core : 9.0.65	10.1.2		This is transient dependency from spring-boot; upgraded to tomcat 9.0.65 which is default in the spring-boot 2.7.2
OPEN	1	org.springframework : spring-web : 5.3.22	6.0.2
COMPLETE	2	io.springfox : springfox-swagger-ui : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version
COMPLETE	2	io.springfox : springfox-swagger2 : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version

dcaegen2-collectors-hv-ves

Status	Priority	Component name and version	CVE	Threat level	Recommended version	Project’s assessment
						No vulnerable components

onap-dcaegen2-collectors-restconf

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	org.codehaus.jettison : jettison : 1.3.7	1.5.2
OPEN	2	io.springfox : springfox-swagger-ui : 2.10.5	3.0.0
COMPLETE	2	io.springfox : springfox-swagger2 : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version

dcaegen2-collectors-ves

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
COMPLETE	2	io.springfox : springfox-swagger-ui : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version
COMPLETE	2	io.springfox : springfox-swagger2 : 3.0.0	3.0.0		SECCOM: 3.0. is the latest version

dcaegen2-platform-mod-genprocessor

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.11.0	2.14.1
OPEN	1	org.apache.commons : commons-text : 1.7	1.10.0
OPEN	2	org.apache.nifi : nifi-utils : 1.9.2	1.19.0

dcaegen2-platform-mod-runtimeapi

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	org.yaml : snakeyaml : 1.26	1.33
	2	io.springfox : springfox-swagger-ui : 3.0.0	3.0.0

dcaegen2-platform-mod2-helm-generator

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.10.3	2.14.1

dcaegen2-platform-ves-openapi-manager

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1

dcaegen2-services-kpi-computation-ms

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	ch.qos.logback : logback-core : 1.3.0-alpha0	1.4.5
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	io.undertow : undertow-core : 2.2.17.Final	2.3.0.Final
OPEN	1	org.springframework : spring-web : 5.3.20	6.0.2
OPEN	2	org.eclipse.jetty : jetty-server : 9.4.41.v20210516	11.0.12

dcaegen2-services-mapper

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	com.thoughtworks.xstream : xstream : 1.4.19	1.4.19
OPEN	1	org.postgresql : postgresql : 42.3.6	42.5.1
OPEN	2	io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE	1.1.0
OPEN	2	xerces : xercesImpl : 2.12.2	2.12.2

dcaegen2-services-pm-mapper

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

OPEN

IN PROGRESS

1

io.undertow : undertow-core : 2.2.17.Final

2.3.0.Final

dcaegen2-services-prh

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	org.apache.commons : commons-text : 1.6	1.10.0
OPEN	1	org.apache.tomcat.embed : tomcat-embed-core : 9.0.65	10.1.2
OPEN	1	org.springframework : spring-web : 5.3.22	6.0.2

dcaegen2-services-sdk

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	com.google.protobuf : protobuf-java : 3.21.1	4.0.0-rc-2

dcaegen2-services-slice-analysis-ms

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	ch.qos.logback : logback-core : 1.3.0-alpha0	1.4.5
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	org.apache.tomcat.embed : tomcat-embed-core : 9.0.65	10.1.2
OPEN	1	org.postgresql : postgresql : 42.3.6	42.5.1
OPEN	1	org.springframework : spring-web : 5.3.20	6.0.2
OPEN	2	org.eclipse.jetty : jetty-server : 9.4.41.v20210516	11.0.12

dcaegen2-services-son-handler

Status	Priority	Component name and version	Recommended version	Threat level	Project’s assessment
OPEN	1	ch.qos.logback : logback-core : 1.3.0-alpha0	1.4.5
OPEN	1	com.fasterxml.jackson.core : jackson-databind : 2.13.3	2.14.1
OPEN	1	org.apache.tomcat.embed : tomcat-embed-core : 9.0.65	10.1.2
OPEN	1	org.postgresql : postgresql : 42.3.6	42.5.1
OPEN	1	org.springframework : spring-web : 5.3.20	6.0.2
OPEN	2	io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE	1.1.0
OPEN	2	org.eclipse.jetty : jetty-server : 9.4.40.v20210413	11.0.12

The following had no violations (or no direct violations):

dcaegen2-deployments
dcaegen2-platform-adapter-acumos
dcaegen2-platform-mod-designtool
dcaegen2-platform-mod-distributorapi
dcaegen2-platform-mod-onboardingapi
dcaegen2-platform-mod2-catalog-service
dcaegen2-platform-mod2-auth-service
dcaegen2-platform-mod2-ui
dcaegen2-services-heartbeat
dcaegen2-utils
dcaegen2

Versions Compared

Old Version 3

New Version 4

Key

dcaegen2-analytics-tca-gen2

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

onap-dcaegen2-collectors-restconf

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-platform-mod-runtimeapi

dcaegen2-platform-mod2-helm-generator

dcaegen2-platform-ves-openapi-manager

dcaegen2-services-kpi-computation-ms

dcaegen2-services-mapper

dcaegen2-services-pm-mapper

dcaegen2-services-prh

dcaegen2-services-sdk

dcaegen2-services-slice-analysis-ms

dcaegen2-services-son-handler

The following had no violations (or no direct violations):

Page Comparison

Versions Compared

Old Version 3

New Version 4

Key

dcaegen2-analytics-tca-gen2

dcaegen2-collectors-datafile

dcaegen2-collectors-hv-ves

onap-dcaegen2-collectors-restconf

dcaegen2-collectors-ves

dcaegen2-platform-mod-genprocessor

dcaegen2-platform-mod-runtimeapi

dcaegen2-platform-mod2-helm-generator

dcaegen2-platform-ves-openapi-manager

dcaegen2-services-kpi-computation-ms

dcaegen2-services-mapper

dcaegen2-services-pm-mapper

dcaegen2-services-prh

dcaegen2-services-sdk

dcaegen2-services-slice-analysis-ms

dcaegen2-services-son-handler

The following had no violations (or no direct violations):