Casablanca Maintenance CLAMP Security/Vulnerability Report
This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.
Repository | Group | Impact Analysis | Action |
---|---|---|---|
clamp | com.fasterxml.jackson.core | The issue has been removed from the CLAMP core code in the "Dublin Release" only, so it is still present in the "Casablanca Maintenance Release". Note: there is a remaining usage of "Jackson" coming from the SDC client library, so we depend on the SDC project to remove that reference to the "Jackson" library. | |
clamp | com.fasterxml.jackson.core | Same as above. | |
clamp | com.fasterxml.jackson.core | Same as above. | |
clamp | com.fasterxml.jackson.core | Same as above. | |
clamp | com.fasterxml.jackson.datatype | Same as above. | |
clamp | angular | Need to move to a higher version of angular, which requires a complete rework of the CLAMP UI. | CLAMP-223: replace "angular.js" and move to "React" for security issues (Closed) |
clamp | angular | Need to move to a higher version of angular, which requires a complete rework of the CLAMP UI. | CLAMP-223: replace "angular.js" and move to "React" for security issues (Closed) |
clamp | org.springframework.security | Needs more investigation, since it is linked to the Spring framework whatever the version. | |
clamp | angular | Need to move to a higher version of angular, which requires a complete rework of the CLAMP UI. | CLAMP-223: replace "angular.js" and move to "React" for security issues (Closed) |
clamp | lodash | Issue solved in the "Dublin Release" only, so it is still present in the "Casablanca Maintenance Release". "lodash" has been removed from the GUI code in the "Dublin Release" only, as it was actually not used. | |