Dublin Logging Security/Vulnerability Report
This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
Repository | Group | Impact Analysis | Action |
logging-analytics pomba-aai-context-builder pomba-context-aggregator pomba-network-discovery-context-builder pomba-sdc-context-builder | com.fasterxml.jackson.core |
For network-discovery-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile For aai-context-builder: org.springframework.boot:spring-boot-starter-web:jar:1.5.17.RELEASE:compile For context-aggregator: org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:jar:1.1.5:compile |
LOG-826 - Logging/POMBA CLM: fix/address/red-flag jackson-databind-2.8.11.3 SEC Open |
logging-analytics | com.fasterxml.jackson.core |
|
LOG-1060: Logging CLM: fix/address/red-flag jackson-databind-2.8.6 SECClosed |
pomba-audit-common | com.fasterxml.jackson.core |
|
|
logging-analytics | org.glassfish.hk2.external |
| No action |
handelbars |
| LOG-827 - Logging/POMBA CLM: fix/address/red-flag handlebars-2.0.0.js SEC - upgrade to 4.0.0+ Open | |
stipsan/uikit (swagger) |
| WIll close LOG-828 | |
logback-classic |
| Will close LOG-846 | |
struts-core |
|
LOG-1062: POMBA-SDNC-CONTEXT-BUILDER CLM: fix/address/red-flag struts-core : 1.3.8-2.4.5 SECClosed | |
struts-taglib |
| No action | |
org.codehaus.plexus |
|
| |
dom4j |
| No action | |
commons-beanutils |
|
| |
org.apache.ant |
| No action | |
org.jsoup |
| No action | |
logging-analytics | org.apache.tomcat.embed |
|
|
logging-analytics | commons-codec |
|
|
pomba-aai-context-builder pomba-context-aggregator | org.eclipse.jetty |
|
|
pomba-aai-context-builder pomba-context-aggregator | org.eclipse.jetty |
9.4.13.v20181111 - upgrade planned for El Alto |
|
pomba-context-aggregator | ch.qos.logback |
|
|
pomba-sdnc-context-builder | org.apache.camel |
|
|