NOTE: This page is copy of /wiki/spaces/SV/pages/16093480 report created by SECCOM (excluded CVE info); any update should be done on parent page.
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | ||||
| 2 | undertow-core : 2.2.7.Final | 5 5 | 2.2.14 | 2.2.14.Final |
dcaegen2-collectors-datafile
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | spring-web : 5.3.6 | 9 7 4 | 5.3.13 | 5.3.13 or 5.3.14 | ||||
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available |
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | ||||
| 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | 2.8.9 | ||||
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | ||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 |
dcaegen2-collectors-hv-ves
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | 2.8.9 |
dcaegen2-collectors-ves
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | 2.8.9 | ||||
| 2 | io.netty : netty-codec-http : 4.1.59.Final | 5 | 4.1.70.Final | 4.1.73.Final | ||||
| 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | Already on latest; no non-vulnerable version available | ||||
org.apache.logging.log4j: log4j-core:2.16.0 | 2.17.1 |
dcaegen2-platform-mod-genprocessor
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | |||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 | ||||||
| 2 | nifi-utils : 1.9.2 | 5 | 1.15.0 | 1.15.2retain current version due to dependency with upstream nifi version on designer module |
dcaegen2-platform-mod2-auth
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | POC components; not part of ONAP deployment | ||||
| 1 | com.squareup.okhttp3 : okhttp : 4.0.1 | 7 | 4.9.3 | POC components; not part of ONAP deployment |
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | POC components; not part of ONAP deployment | ||||
| 1 | com.squareup.okhttp3 : okhttp : 4.0.1 | 7 | 4.9.3 | POC components; not part of ONAP deployment | ||||
| 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9 6 6 | 3.0.0 | POC components; not part of ONAP deployment | ||||
| 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | POC components; not part of ONAP deployment |
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | ||||
| 1 | org.springframework : spring-web : 5.3.7 | 9 4 | 5.3.13 | 5.3.14 | ||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 | |||||
| 2 | io.undertow : undertow-core : 2.2.8.Final | 5 5 | 2.2.14.Final | 2.2.14.Final | ||||
org.springframework : spring-webmvc : 5.3.7 | 6 | 5.3.14 |
dcaegen2-services-bbs-event-processor
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.2 | 10 | 2.12.6 | 2.12.6 | |||||
org.apache.logging.log4j: log4j-core:2.16.0 | 2.17.1 | ||||||||
| 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | 2.8.9 | ||||
| 1 | xstream : 1.4.16 | 8 | 1.4.18 | 1.4.18 | ||||
| 2 | xercesImpl : 2.12.1 | 5 | ??? | Already on latest; no non-vulnerable version available |
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | 2.8.9 | ||||
| 2 | undertow-core : 2.2.9.Final | 5 4 4 | 2.2.14.Final |
2.2.16.Final |
dcaegen2-services-prh
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) | ||||
| 1 | org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48 | 7 | 10.1.0M7 | Either 10.1.0-M8 or 9.0.56 | ||||
| 1 | org.springframework : spring-web : 5.3.8 | 9 4 | 5.3.13 RELEASE | 5.3.14 |
dcaegen2-services-sdk
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment | ||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | ||||
| 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | 2.8.9 | ||||
org.springframework : spring-webflux : 5.3.1 | 6 | 5.3.14 |
dcaegen2-services-son-handler
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment | ||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 | |||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | ||||
| 1 | org.springframework : spring-web : 5.3.7.RELEASE | 9 4 | 5.3.13 RELEASE | 5.3.14 | ||||
org.springframework : spring-webmvc : 5.3.7 | 6 | 5.3.14 | |||||||
| 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.46 | 6 | 10.1.0-M7 | 9.0.50 or 10.1.0-M8 |
...
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment | ||||
1 | com.fasterxml.jackson.core : jackson-databind : 2.11.0 | 10 | 2.12.6 | 2.12.6 | |||||
| 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.2.10 | 1.2.10 | ||||
| 1 | org.springframework : spring-web : 5.3.7.RELEASE | 9 4 | 5.3.13 RELEASE | 5.3.14 | ||||
org.springframework : spring-webmvc : 5.3.7 | 6 | 5.3.14 | |||||||
| 2 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.46 | 6 | 10.1.0-M7 | 9.0.50 or 10.1.0-M8 |
...
dcaegen2-platform-mod2-helmgenerator
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) |
com.fasterxml.jackson.core : jackson-databind : 2.10.3 | 10 | 2.12.6 | |||
com.squareup.okhttp3 : okhttp : 4.0.1 | 5 | 4.9.3 | |||
commons-io : commons-io : 2.4 | 2.11.0 |
dcaegen2-platform-ves-openapi-manager
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment (Target for J) |
com.fasterxml.jackson.core : jackson-databind : 2.9.4 | 10 | 2.12.6 |