

NOTE: This page is a copy of the /wiki/spaces/SV/pages/16093480 report created by SECCOM (CVE info excluded); any updates should be made on the parent page.


The tables contain the recommended package version upgrades for outdated direct dependencies with Critical or Severe vulnerabilities identified by NexusIQ. These packages must be upgraded by M2/M3, or a waiver must be requested from SECCOM and the TSC.

  • Priority 1 recommendations have at least one Critical vulnerability.
  • Priority 2 recommendations contain at least one Severe vulnerability, and no Critical vulnerabilities.
  • There are four status values:
    • OPEN - required upgrade identified
    • IN PROGRESS - project working on the upgrade
    • COMPLETE - package has been upgraded to the recommended version
    • WAIVER - project granted a waiver for the upgrade because of technical or resource constraints

When the upgrade of the package is complete, change the status in the table to COMPLETE.

If a waiver is granted, change the status to WAIVER.

When the status of all direct dependency replacements is COMPLETE or WAIVER, the Jira ticket should be closed.

dcaegen2-analytics-tca-gen2

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | |
| OPEN | 2 | undertow-core : 2.2.7.Final | 5, 5 | 2.2.14 | |


dcaegen2-collectors-datafile

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | spring-web : 5.3.6 | 9, 7, 4 | 5.3.13 | |
| OPEN | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | |

onap-dcaegen2-collectors-restconf

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.3.0-alpha10 | |
| OPEN | 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | |
| OPEN | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | |

dcaegen2-collectors-hv-ves

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | |

dcaegen2-collectors-ves

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | |
| OPEN | 2 | io.netty : netty-codec-http : 4.1.59.Final | 5 | 4.1.70.Final | |
| OPEN | 2 | io.springfox : springfox-swagger2 : 3.0.0 | 5 | ??? | |

dcaegen2-platform-mod-genprocessor

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 2 | nifi-utils : 1.9.2 | 5 | 1.15.0 | |

dcaegen2-platform-mod2-auth

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | |
| OPEN | 1 | com.squareup.okhttp3 : okhttp : 4.0.1 | 7 | 4.9.3 | |

dcaegen2-platform-mod2-catalog

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.6 | 7 | 2.8.9 | |
| OPEN | 1 | com.squareup.okhttp3 : okhttp : 4.0.1 | 7 | 4.9.3 | |
| OPEN | 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9, 6, 6 | 3.0.0 | |
| OPEN | 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | |

dcaegen2-platform-mod-runtimeapi

| Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|---|

dcaegen2-services-kpi-computation-ms

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.3.0-alpha10 | |
| OPEN | 1 | org.springframework : spring-web : 5.3.7 | 9, 4 | 5.3.13 | |
| OPEN | 2 | io.undertow : undertow-core : 2.2.8.Final | 5, 5 | 2.2.14.Final | |

dcaegen2-services-bbs-event-processor

| Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|---|

dcaegen2-services-mapper

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | |
| OPEN | 1 | xstream : 1.4.16 | 8 | 1.4.18 | |
| OPEN | 2 | xercesImpl : 2.12.1 | 5 | ??? | |

dcaegen2-services-pm-mapper

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | |
| OPEN | 2 | undertow-core : 2.2.9.Final | 5, 4, 4 | 2.2.14.Final | |


dcaegen2-services-prh

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48 | 7 | 10.1.0M7 | |
| OPEN | 1 | org.springframework : spring-web : 5.3.8.RELEASE | 9, 4 | 5.3.13 RELEASE | |


dcaegen2-services-sdk

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.3.0-alpha10 | |
| OPEN | 1 | com.google.code.gson : gson : 2.8.5 | 7 | 2.8.9 | |

dcaegen2-services-son-handler

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | ch.qos.logback : logback-core : 1.3.0-alpha0 | 8 | 1.3.0-alpha10 | |
| OPEN | 1 | org.springframework : spring-web : 5.3.7.RELEASE | 9, 4 | 5.3.13 RELEASE | |
| OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.46 | 6 | 10.1.0-M7 | |


dcaegen2-services-slice-analysis-ms

| Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
|---|---|---|---|---|---|
| OPEN | 1 | org.springframework : spring-web : 5.3.7.RELEASE | 9, 4 | 5.3.13 RELEASE | |
| OPEN | 2 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.46 | 6 | 10.1.0-M7 | |

