Log4j upgrade recommendation

Owned by Paweł Pawlak
Last updated: Mar 08, 2022 by Amy Zwarico
1 min read

Following the vulnerabilities related to log4j ONAP SECCOM recommends all the impacted projects to uprade to version 2.17.1. 

More details in attached presentation:

 

Istanbul Maintenance Update

Log4j vulnerabilities in direct dependencies were removed from A&AI, DMAAP, SDNC and VNFSDK. Log4j vulnerabilities introduced by transitive dependencies are still in A&AI, CCSDK, DCAE, DMAAP, MULTICLOUD, SDNC, SO, VNFSDK.