Casablanca AAF Security/Vulnerability Report

This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.



| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| aaf/authz | | AAF has removed all Security Issues of any kind from the AAF tool repo. | |
| aaf/cadi | org.apache.shiro | False Positive. The cadi-shiro adapter exists only for Shiro and is used only within Shiro, so the security question is whether to use Shiro or not, which is not a CADI problem. | Not applicable. If ONAP Shiro users move to Shiro 1.4.0, we might be able to update. |
| aaf/cadi | commons.beanutils | False Positive. This library is used only by Shiro, and the inclusion of Shiro is the only reason it is flagged. The solution is the same as for org.apache.shiro. | Not applicable. It doesn't look like upgrading to Shiro 1.4.0 will help this version of commons-beanutils. |