Please note: Report is as per London release
...
Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.3 | 2.14.1 | 7 7 7 7 | This is indirect dependency coming from the o-parent. |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.9.8 | 2.14.1 | 7 7 7 7 7 | Same as above |
| 1 | com.google.protobuf : protobuf-java : 3.10.0 | 4.0.0-rc-2 | 7 7 5 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |
| 1 | com.h2database : h2 : 1.4.200 | 0.16.4 | 9 9 8 8 6 | We dont use this code in the production and is only built for testing code. |
| 1 | org.apache.tomcat : tomcat-catalina : 9.0.45 | 9.0.37.1 | 7 6 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.json : json : 20140107 | 20220924 | 7 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.json : json : 20160212 | 20220924 | 7 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.springframework : spring-web : 5.2.14.RELEASE | 6.0.2 | 9 7 4 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.springframework.data : spring-data-rest-hal-browser : 3.3.9.RELEASE | 3.3.9.RELEASE | 7 7 6 6 6 6 6 6 6 6 6 6 5 5 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.springframework.security : spring-security-web : 5.4.6 | 3.0.11-oss | 9 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.yaml : snakeyaml : 1.26 | 1.33 | 7 6 6 6 6 5 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 2 | org.glassfish.jersey.core : jersey-common : 2.22.1 | 5 | Indirect dependency, | |
| 2 | org.glassfish.jersey.core : jersey-common : 2.30.1 | 5 | Indirect dependency. | |
| 2 | org.springframework : spring-webmvc : 5.2.12.RELEASE | 6.0.2 | 4 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
so-so-admin-cockpit
Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | 2.14.1 | This is indirect dependency coming from the o-parent. The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
...