Guilin Exception Request for REQ-323 for CCSDK
- Dan Timoney
Name | @Dan Timoney |
Milestone or Requirements Exception? | Requirement |
Project or Requirement Name and JIRA | REQ-323: Each project will update the vulnerable direct dependencies in their code baseDone Exception required for third party libraries pre-installed in OpenDaylight Sodium SR4 distribution. |
Milestones affected | N/A |
Projects affected | N/A |
Background description | Components deployed within OpenDaylight's karaf container must use the version of third party libraries that come preinstalled in order to avoid version conflicts. We have updated all the direct dependencies that we can without creating version conflicts and noted those that cannot be addressed in the appropriate secure wiki page for third party vulnerabilites for CCSDK. |
Schedule impact | N/A |
Recovery plan | Many of these vulnerabilities should be resolved in Honolulu, when we upgrade to the next Opendaylight release. Also, we are making changes in CCSDK and SDNC to create new pods that run outside OpenDaylight to eliminate the need to be bound by OpenDaylight versions. |
Milestone schedule change | N.A |
Risk | As long as we need to support deploying our code within OpenDaylight, we are going to be constrained by its third party versions. Once we get to the point where we no longer run within the ODL karaf container, that risk will no longer exist. |
Status | |
Decision |