Dublin AAF Security/Vulnerability Report
- Amy Zwarico
Owned by Amy Zwarico
This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
Repository | Group | Impact Analysis | Action |
|---|---|---|---|
aaf-authz | AAF has no vulnerable third party packages in the AAF tool repo. | ||
aaf-cadi | commons.beanutils | False Positive - this jar is used by Shiro, not by CADI code, and is thus a problem with Shiro, not AAF or CADI | None - Shiro needs to fix |
aaf-cadi | org.apache.shiro | False Positive - this jar is used by Shiro, not by CADI code, and is thus a problem with Shiro, not AAF or CADI | There is a new Jar available, 1.4.0, which appears promising. However, checked with clients which use OpenDaylight. They cannot use 1.4.0 at this time. (4/2/2019) |