Casablanca CCSDK Security/Vulnerability Report

This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.



Note: the shaded lines in the table below are vulnerabilities inherited from the OpenDaylight Oxygen distribution, on which much of CCSDK is based. These vulnerabilities will be reported as CVEs to the OpenDaylight project so they can address them.

Repository

Group

Impact Analysis

Action

ccsdk/apps

ch.qos.logback

Need to upgrade version to 1.2.0

Plan to upgrade version to 1.2.0, where feasible

ccsdk/apps, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins

ch.qos.logback

Need to upgrade version to 1.2.0

Plan to upgrade version to 1.2.0, where feasible

ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins

com.fasterxml.jackson.core

No non-vulnerable version of Jackson exists

Need to rewrite code to avoid Jackson

ccsdk/parent

com.fasterxml.jackson.core

Fixed in version 2.8.6

Plan to upgrade to version >= 2.8.6

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors

com.fasterxml.jackson.core

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors

com.fasterxml.jackson.core

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/features

com.fasterxml.jackson.core

No non-vulnerable version of Jackson exists

Need to rewrite code to avoid Jackson

ccsdk/sli/northbound

com.fasterxml.jackson.core

No non-vulnerable version of Jackson exists

Need to rewrite code to avoid Jackson

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors

com.fasterxml.jackson.core

No non-vulnerable version of Jackson exists

Need to rewrite code to avoid Jackson

ccsdk/parent

com.fasterxml.jackson.core

Fixed in version 2.8.8.1

Plan to upgrade to version >= 2.8.8.1

ccsdk/apps, ccsdk/distribution, ccsdk/sli/adaptors

com.fasterxml.jackson.core

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

com.fasterxml.jackson.dataformat

Need to upgrade to version 2.7.4 or higher

Plan to upgrade to version >= 2.7.8

ccsdk/distribution

com.fasterxml.jackson.dataformat

Need to upgrade to version 2.7.8 or higher

Plan to upgrade to version >= 2.7.8

ccsdk/distribution

com.flozano.sendgrid

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/sli/northbound

com.google.guava

Need to upgrade to version 23.6.1 or greater

Plan to upgrade to version 23.6.1 or higher

ccsdk/apps

com.google.guava

Need to upgrade to version 23.6.1 or greater

Plan to upgrade to version 23.6.1 or higher

ccsdk/distribution

com.google.guava

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

com.google.guava

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

com.h2database

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

com.h2database

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps

com.h2database

No non-vulnerable version exists

Need to find replacement

ccsdk/apps

com.h2database

No non-vulnerable version exists

Need to find replacement

ccsdk/distribution

com.jcraft

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution, ccsdk/sli/adaptors

com.sun.mail

Need to upgrade to version 1.5.3 or greater

Plan to upgrade to version >= 1.5.3

ccsdk/distribution

commons-beanutils

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-beanutils

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-codec

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution, ccsdk/sli/plugins

commons-collections

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-collections

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-fileupload

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-fileupload

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

commons-fileupload

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins

dom4j

Need to upgrade to version 2.1.1 or higher

Need to upgrade to version 2.1.1 or higher

ccsdk/distribution

io.netty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

io.netty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

io.netty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

io.netty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution, ccsdk/features

javax.mail

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

javax.mail

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/sli/adaptors

javax.mail

Inherited from OpenDaylight

Must be updated to 1.4.5 to be consistent with ODL

ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

net.sf.ehcache

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.activemq

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.activemq

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.faces.core

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hadoop

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.hbase

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors

org.apache.httpcomponents

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/plugins

org.apache.karaf.jaas

Need to upgrade to version 4.5.3 or higher

Plan to upgrade to version >= 4.5.3

ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/plugins

org.apache.karaf.jaas

Need to upgrade to version 4.3.6 or higher

Plan to upgrade to version >= 4.5.3

ccsdk/apps, ccsdk/distribution

org.apache.karaf.webconsole

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.apache.karaf.webconsole

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.apache.karaf.webconsole

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.apache.karaf.webconsole

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.myfaces.core

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.servicemix.bundles

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.servicemix.bundles

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.servicemix.bundles

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.servicemix.bundles

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.shiro

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.shiro

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.32 or higher

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.28 or higher

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.32 or higher

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.23 or later

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.32 or higher

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.28 or higher

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version > 8.5.16

Plan to upgrade version >= 8.5.32

ccsdk/apps

org.apache.tomcat.embed

Need to upgrade to version 8.5.32 or higher

Plan to upgrade version >= 8.5.32

ccsdk/distribution

org.apache.zookeeper

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.apache.zookeeper

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.bouncycastle

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.bouncycastle

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.bouncycastle

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.bouncycastle

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.codehaus.jackson

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.codehaus.jackson

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.dom4j

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty.aggregate

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.eclipse.jetty.aggregate

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.hibernate

Need to upgrade to version 5.3.6.Final or later

Plan to upgrade to version >= 5.3.6.Final

ccsdk/distribution

org.infinispan

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.infinispan

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.jboss.narayana.osgi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.jboss.narayana.osgi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.jboss.narayana.osgi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.jboss.narayana.osgi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.jgroups

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps

org.liquibase

False positive?
CVE refers to jQuery, not liquibase.

Unknown - inadequate information in tool

ccsdk/apps

org.liquibase

False positive?
CVE refers to bootstrap, not liquibase.

Unknown - inadequate information in tool

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.tipi

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.ops4j.pax.web

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

org.postgresql

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.15 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.17 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/parent

org.springframework

Need to upgrade to version 4.3.15 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.17 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins

org.springframework

Need to upgrade to version 4.3.15 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins

org.springframework

Need to upgrade to version 4.3.17 or higher

Plan to upgrade to version >= 4.3.17

ccsdk/parent

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/parent

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/distribution, ccsdk/features

org.springframework

Need to upgrade to version 4.3.15 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/distribution, ccsdk/features

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.18 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/apps

org.springframework

Need to upgrade to version 4.3.15 or higher

Plan to upgrade to version >= 4.3.18

ccsdk/apps

org.springframework.boot

Need to upgrade to version 1.5.10 or higher

Plan to upgrade to version >= 1.5.10

ccsdk/apps

org.springframework.data

Need to upgrade to version 1.3.10 or higher

Plan to upgrade version >= 1.3.12

ccsdk/apps

org.springframework.data

Need to upgrade to version 1.3.11 or higher

Plan to upgrade version >= 1.3.12

ccsdk/apps

org.springframework.data

Need to upgrade to version 1.3.12 or higher

Plan to upgrade version >= 1.3.12

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

angular

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angularjs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-material

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-material

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-sanitize

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-sanitize

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-sanitize

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-sanitize

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

angular-sanitize

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

bl

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

deep-extend

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

handlebars

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/apps, ccsdk/distribution

jquery

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

jquery

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

jquery

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

jquery

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

jquery

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

lodash-amd

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

minimatch

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

qs

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

request

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

request

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

semver

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

shell-quote

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

tough-cookie

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight

ccsdk/distribution

tough-cookie

Inherited from OpenDaylight

Must be fixed in upstream OpenDaylight