Repository | Group | Impact Analysis | Action |
---|---|---|---|
so/libs | com.fasterxml.jackson.core | False positive Jackson: can be an issue if we leave on default typing
| No Action. All of the existing jackson databind have vulnerabilities issues. |
SO | org.eclipse.jetty | Pulled in by Springboot 1.5.13-RELEASE Note: We don't use jetty, but it is impractical to exclude | Planning for a spring boot upgrade to 2.0 in Dublin. |
com.fasterxml.jackson.core | False positive Jackson: can be an issue if we leave on default typing
| No Action All of the existing jackson databind have vulnerabilities issues. | |
ch.qos.logback | Pulled in by Springboot 1.5.13-RELEASE | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.slf4j | Pulled in by Springboot 1.5.13-RELEASE and also specified by SO | Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.apache.tomcat.embed | Pulled in by Springboot 1.5.13-RELEASE Note: Tomcat CORS is turned off in our application Not really an issue since the feature is turned off. | No Action. Planning for a spring boot upgrade to 2.0 in Dublin. | |
org.apache.commons | Pulled in by Camunda 7.8.0 We aren't using any email features in BPMN. | No Action for Casablanca. File for exception in Casablanca, Upgrade Camunda to 1.9.0 in Dublin | |
org.slf4j-ext | pulled from org.springframework.boot:spring-boot-starter-logging:jar:1.5.13.RELEASE not specified in SO code | ||
jetty-http | no dependency found | ||
logback-classic | pulled from org.springframework.boot:spring-boot-starter-web:jar:1.5.13.RELEASE no direct dependency. |
General
Content
Integrations