...
NOTE: This page is copy of /wiki/spaces/SV/pages/16094094 report created by SECCOM under DCAEGEN2-3318 (excluded CVE info); any update should be done on parent page.
...
When the status of all direct dependency replacements is
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
dcaegen2-analytics-tca-gen2
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final |
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-datafile
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 | This is transient dependency from spring-boot; upgraded |
to tomcat 9.0.65 which is default in the spring-boot 2.7.2 |
. Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |||||
COMPLETE | 1 | org.springframework : spring-web : 5.3.22 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. | |
| 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-hv-ves
Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
| No vulnerable components |
onap-dcaegen2-collectors-restconf
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | org.codehaus.jettison : jettison : 1.3.7 | 1.5.2 |
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 2.10.5 | 3.0.0 | ||
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-collectors-ves
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version | |
COMPLETE | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 3.0.0 | SECCOM: 3.0. is the latest version |
dcaegen2-platform-mod-genprocessor
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 2.14.1 |
The component will be retired in London release, hence no upgrade is needed. | |||||||||
| 1 | org.apache.commons : commons-text : 1.7 | 1.10.0 |
| 2 | org.apache.nifi : nifi-utils : 1.9.2 | 1.19.0 |
dcaegen2-platform-mod-runtimeapi
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
| 1 | org.yaml : snakeyaml : 1.26 | 1.33 | The component will be retired in London release, hence no upgrade is needed. | |||||||
| 2 | io.springfox : springfox-swagger-ui : 3.0.0 | 3.0.0 |
dcaegen2-platform-mod2-helm-generator
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.10.3 | 2.14.1 | The component will be retired in London release, hence no upgrade is needed. |
dcaegen2-platform-ves-openapi-manager
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
dcaegen2-services-kpi-computation-ms
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final |
COMPLETE | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 |
| Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. | |||||
COMPLETE | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
dcaegen2-services-mapper
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | com.thoughtworks.xstream : xstream : 1.4.19 | 1.4.19 |
COMPLETE | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 |
COMPLETE | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 |
COMPLETE | 2 | xerces : xercesImpl : 2.12.2 | 2.12.2 |
dcaegen2-services-pm-mapper
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | io.undertow : undertow-core : 2.2.17.Final | 2.3.0.Final |
dcaegen2-services-prh
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | org.apache.commons : commons-text : 1.6 | 1.10.0 |
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 |
Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |||||
COMPLETE | 1 | org.springframework : spring-web : 5.3.22 | 6.0.2 | Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. |
dcaegen2-services-sdk
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | com.google.protobuf : protobuf-java : 3.21.1 | 4.0.0-rc-2 |
dcaegen2-services-slice-analysis-ms
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 |
| Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |||
COMPLETE | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 |
COMPLETE | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 |
| Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. | |||||
COMPLETE | 2 | org.eclipse.jetty : jetty-server : 9.4.41.v20210516 | 11.0.12 |
dcaegen2-services-son-handler
Status | Priority | Component name and version | Recommended version | Threat level | Project’s assessment |
COMPLETE | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 1.4.5 |
COMPLETE | 1 | com.fasterxml.jackson.core : jackson-databind : 2.13.3 | 2.14.1 |
COMPLETE | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.65 | 10.1.2 |
| Recommended version requires Springboot-3 and Spring-6 which in turn require Java-17. In London release, version 9.0.72 will be upgraded to. | |||
COMPLETE | 1 | org.postgresql : postgresql : 42.3.6 | 42.5.1 |
COMPLETE | 1 | org.springframework : spring-web : 5.3.20 | 6.0.2 |
| Recommended version requires Java-17. In London release, version 5.3.25 will be upgraded to. | |||
COMPLETE | 2 | io.projectreactor.netty : reactor-netty : 0.9.12.RELEASE | 1.1.0 |
COMPLETE | 2 | org.eclipse.jetty : jetty-server : 9.4.40.v20210413 | 11.0.12 |
The following had no violations (or no direct violations):
- dcaegen2-deployments
- dcaegen2-platform-adapter-acumos
- dcaegen2-platform-mod-designtool
- dcaegen2-platform-mod-distributorapi
- dcaegen2-platform-mod-onboardingapi
dcaegen2-platform-mod2-catalog-service
dcaegen2-platform-mod2-auth-service
- dcaegen2-platform-mod2-ui
- dcaegen2-services-heartbeat
- dcaegen2-utils
- dcaegen2