...
| Repository | Group | Impact Analysis | Action | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| sdnc/apps, sdnc/oam | ch.qos.logback | False positive : only applies if logs are written to sockets (e.g. syslog), which does not apply in our case | No action needed | ||||||||
| sdnc/oam | com.fasterxml | False positive : only applies if data format extension is used, which does not apply | No action needed | ||||||||
| sdnc/oam | com.fasterxml | Inherited from OpenDaylight | Must be addressed in upstream OpenDaylight project | ||||||||
| sdnc/apps, sdnc/northbound | com.fasterxml.jackson.core | Fixed in version 2.8.6 | Will be updated to 2.8.9 in maintenance release (See
| ||||||||
| sdnc/apps | com.fasterxml.jackson.core | Fixed in version 2.8.8.1 | Will be updated to 2.8.9 in maintenance release (See | ||||||||
| sdnc/oam | com.fasterxml.jackson.core | Fixed in version 2.8.8.1 | Will be updated to 2.8.9 in maintenance release (See | ||||||||
| sdnc/apps | com.fasterxml.jackson.core | Inherited from spring-boot | Must be addressed in upstream spring-boot | ||||||||
| sdnc/apps | com.fasterxml.jackson.core | Inherited from spring-boot | Must be addressed in upstream spring-boot | ||||||||
| sdnc/apps | com.fasterxml.jackson.core | Inherited from spring-boot | Must be addressed in upstream spring-boot | ||||||||
| sdnc/apps | com.fasterxml.jackson.core | Inherited from spring-boot | Must be addressed in upstream spring-boot | ||||||||
| sdnc/oam | com.google.guava | Inherited from gjsonpatch 0.2.1 | Fix targeted for maintenance release (See
| ||||||||
| sdnc/apps, sdnc/northbound | com.google.guava | Inherited from swagger-core | Must be addressed in upstream swagger-core | ||||||||
| sdnc/oam | dom4j | Inherited from spring-boot | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/northbound | javax.mail | Inherited from OpenDaylight | Must be addressed in upstream OpenDaylight project | ||||||||
| sdnc/oam | org.apache.commons | Inherited from zjsonpatch 0.2.1 | Fix targeted for maintenance release (See
| ||||||||
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight | Must be addressed in upstream OpenDaylight project | ||||||||
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight | Must be addressed in upstream OpenDaylight project | ||||||||
| sdnc/oam | org.apache.logging.log4j | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.apache.tomcat.embed | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.codehaus.jackson | Inherited from spring-boot | Must be addressed in upstream spring-boot | ||||||||
| sdnc/oam | org.hibernate | Inherited from spring-boot version 1.5.4-RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.15.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.15.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps | org.springframework | Fixed in version 4.3.17.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.15.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.17.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.15.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.17.RELEASE | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.15 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps | org.springframework | Fixed in version 4.3.18 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework.data | Fixed in version 1.13.11 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework.data | Fixed in version 1.13.11 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/oam | org.springframework.data | Fixed in version 1.13.12 | Must upgrade to spring-boot version 2.1.0-RELEASE, which resolves this issue (
| ||||||||
| sdnc/apps | @stipsan/uikit | Not enough info in problem description to identify fixed version | Not enough info in problem description to identify fixed version | ||||||||
| sdnc/oam | express | FALSE POSITIVE - only applies to older versions of node.js, < 0.9.4. We are using version 4.2.6 | None needed | ||||||||
| sdnc/oam | forwarded | FALSE POSITIVE - this code would not be executed in DG builder (it's included as part of base NodeRed platform, but not used) | None needed | ||||||||
| sdnc/oam | fresh | FALSE POSITIVE - this code would not be executed in DG builder (it's included as part of base NodeRed platform, but not used) | None needed | ||||||||
| sdnc/apps | handlebars | Inherited from swagger | Must be addressed in upstream swagger | ||||||||
| sdnc/oam | jquery | FALSE POSITIVE - the vulnerable functionality is not used | None needed | ||||||||
| sdnc/oam | jquery | FALSE POSITIVE - the vulnerable functionality is not used | None needed | ||||||||
| sdnc/oam | jquery | FALSE POSITIVE - the vulnerable functionality is not used | None needed | ||||||||
| sdnc/oam | serve-index | FALSE POSITIVE - the vulnerable functionality is not used | None needed |