...
Out of Scope: Known vulnerabilities in the dependent packages included in the ONAP code base. Examples of dependent packages in ONAP include ODL, com.fasterxml.jackson.core : jackson-databind : 2.8.11.3, and org.eclipse.jetty : jetty-util : 9.4.14.v20181114, and djangoframework.
Reminder: All security vulnerabilities found in the ONAP code base must be fixed within 60days in order for the project to retain its CII Passing badge.
...