...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
NOTE: This page is copy of /wiki/spaces/SV/pages/16094118 report
The tables contain the recommended package version upgrades for outdated direct dependencies with Critical or Severe vulnerabilities identified by NexusIQ. These packages must be upgraded by M2/M3 or a request for a waiver must be requested from SECCOM and the TSC.
- Priority 1 recommendations have at least one Critical vulnerability.
- Priority 2 recommendations contain at least one Severe vulnerability, and no Critical vulnerabilities.
- There are four status values:
- required upgrade identifiedStatus title Open
- project working on the upgradeStatus colour Blue title In Progress
- package has been upgraded to the recommended versionStatus colour Green title Complete
- project granted a waiver for the upgrade because of technical or resource constraintsStatus colour Yellow title Waiver
When the upgrade of the package is complete change the status in the table to
| Status | ||||
|---|---|---|---|---|
|
If a waiver is granted, change the status to
| Status | ||||
|---|---|---|---|---|
|
When the status of all direct dependency replacements is
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
so-adapters-so-etsi-sol003-adapter
| Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.3 | 2.14.1 | This is indirect dependency coming from the o-parent. |
There is no o-parent dependency present in the pom.xml
| |||||||||||
| 1 | org.yaml : snakeyaml : 1.26 | 1.33 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |
That version is declare but there is no use in the entire file.
so-libs
| Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | 2.14.1 | This is indirect dependency coming from the o-parent. |
so
| Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.3 | 2.14.1 |
7
7
7
7This is indirect dependency coming from the o-parent. | |||||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.9.8 | 2.14.1 |
| Same as above |
|
|
|
7
Same as above
| 1 | com.google.protobuf : protobuf-java : 3.10.0 | 4.0.0-rc-2 |
7
75
This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |
this dependency not found in Master branch
| 1 | com.h2database : h2 : 1.4.200 | 0.16.4 |
9
98
8
6
We dont use this code in the production and is only built for testing code. |
not found
| 1 | org.apache.tomcat : tomcat-catalina : 9.0.45 | 9.0.37.1 |
7
6This needs further analysis and We are facing resource issue at the moment, request a waiver. |
this dependency not found in Master branch
| 1 | org.json : json : 20140107 | 20220924 |
7
The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
The version 20220924 is updated and available in Master branch
| |||||||||
| 1 | org.json : json : 20160212 | 20220924 |
The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
The version 20220924 is updated and available in Master branch
| |||||||||
| 1 | org.springframework : spring-web : 5.2.14.RELEASE | 6.0.2 |
9
7
4
The change would bring in a major testing to be performed across the projects and we have a resource crunch |
this dependency not found in Master branch
| 1 | org.springframework.data : spring-data-rest-hal-browser : 3.3.9.RELEASE | 3.3.9.RELEASE |
7
7
6
6
6
6
6
6
6
6
6
6
5
5This needs further analysis and We are facing resource issue at the moment, request a waiver. |
this dependency not found in Master branch
| 1 | org.springframework.security : spring-security-web : 5.4.6 | 3.0.11-oss |
9
This needs further analysis and We are facing resource issue at the moment, request a waiver. |
this dependency not found in Master branch
| 1 | org.yaml : snakeyaml : 1.26 | 1.33 |
7
6
6
6
6
5| This needs further analysis and We are facing resource issue at the moment, request a waiver. | ||||||||
| 2 | org.glassfish.jersey.core : jersey-common : 2.22.1 |
Indirect dependency, |
this dependency not found in Master branch
| 2 | org.glassfish.jersey.core : jersey-common : 2.30.1 |
Indirect dependency. |
this dependency not found in Master branch
| 2 | org.springframework : spring-webmvc : 5.2.12.RELEASE | 6.0.2 |
This needs further analysis and We are facing resource issue at the moment, request a waiver. |
so-so-admin-cockpit
| Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | 2.14.1 | This is indirect dependency coming from the o-parent. The change would bring in a major testing to be performed across the projects and we have a resource crunch |
so-so-etsi-nfvo
| Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment | ||||||
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | 2.14.1 | This is indirect dependency coming from the o-parent. The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
There is no o-parent dependency present in the pom.xml
| 1 | org.yaml : snakeyaml : 1.26 | 1.33 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment |
That version is declare but there is no use in the entire file
. |