Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


The tables contain the recommended package version upgrades for outdated direct dependencies with Critical or Severe vulnerabilities identified by NexusIQ. These packages must be upgraded by M2/M3 or a request for a waiver must be requested from SECCOM and the TSC.

  • Priority 1 recommendations have at least one Critical vulnerability.
  • Priority 2 recommendations contain at least one Severe vulnerability, and no Critical vulnerabilities.
  • There are four status values:
    • OPEN - required upgrade identified
    • IN PROGRESS - project working on the upgrade
    • COMPLETE - package has been upgraded to the recommended version
    • WAIVER - project granted a waiver for the upgrade because of technical or resource constraints

When the upgrade of the package is complete change the status in the table to COMPLETE.

If a waiver is granted, change the status to WAIVER.

When the status of all direct dependency replacements is COMPLETE or WAIVER, the Jira ticket should be closed.

dcaegen2-analytics-tca-gen2

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5

???


OPEN

2

undertow-core : 2.2.7.Final

5

5

2.2.14


dcaegen2-collectors-datafile

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

spring-web : 5.3.6

9

7

4

5.3.13

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

onap-dcaegen2-collectors-restconf

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

dcaegen2-collectors-hv-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

dcaegen2-collectors-ves

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

OPEN

2io.netty : netty-codec-http : 4.1.59.Final54.1.70.Final

OPEN

2

io.springfox : springfox-swagger2 : 3.0.0

5???

dcaegen2-platform-mod-genprocessor

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

2

nifi-utils : 1.9.2

51.15.0

dcaegen2-platform-mod2-auth

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

OPEN

1com.squareup.okhttp3 : okhttp : 4.0.174.9.3

dcaegen2-platform-mod2-catalog

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.6

72.8.9

OPEN

1com.squareup.okhttp3 : okhttp : 4.0.174.9.3


OPEN

1

io.springfox : springfox-swagger-ui : 2.9.2

9

6

6

3.0.0

OPEN

2io.springfox : springfox-swagger2 : 2.9.253.0.0

dcaegen2-platform-mod-runtimeapi

Status

Priority

Component name and version

CVE

Threat level

Recommended version

Project’s assessment








caegen2-services-kpi-computation-ms

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

OPEN

1org.springframework : spring-web : 5.3.7

9

4

5.3.13

OPEN

2io.undertow : undertow-core : 2.2.8.Final

5

5

2.2.14.Final

dcaegen2-services-bbs-event-processor

Status

Priority

Component name and version

CVE

Threat level

Recommended version

Project’s assessment








dcaegen2-services-mapper

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

OPEN

1xstream : 1.4.16

8

1.4.18

OPEN

2

 xercesImpl : 2.12.15???

dcaegen2-services-pm-mapper

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

OPEN

2

undertow-core : 2.2.9.Final

5

4

4

2.2.14.Final


dcaegen2-services-prh

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.48

7

10.1.0M7


OPEN

1

org.springframework : spring-web : 5.3.8.RELEASE

9

4

5.3.13 RELEASE


dcaegen2-services-sdk

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

OPEN

1

com.google.code.gson : gson : 2.8.5

72.8.9

dcaegen2-services-son-handler

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

ch.qos.logback : logback-core : 1.3.0-alpha0

81.3.0-alpha10

OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE


OPEN

1

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7


dcaegen2-services-slice-analysis-ms

Status

Priority

Component name and version

Threat level

Recommended version

Project’s assessment

OPEN

1

org.springframework : spring-web : 5.3.7.RELEASE

9

4

5.3.13 RELEASE


OPEN

2

org.apache.tomcat.embed : tomcat-embed-core : 9.0.46

6

10.1.0-M7


  • No labels