Uploaded image for project: 'Active and Available Inventory'
  1. Active and Available Inventory
  2. AAI-1107

Security: babel and m-l brings in springboot jersey starter, which includes logback 1.1.11

    XMLWordPrintable

Details

    Description

      As an AAI developer on babel and model-loader, I need to determine whether or not AAI is impacted by this reported vulnerability in NexusIQ. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929

      Attachments

        # Subject Branch Project Status CR V
        45409,1 Upversion logback classic and core dependencies master aai/babel Status: MERGED +2 +1
        45413,1 Upgrade logback version to 1.2.3 master aai/model-loader Status: MERGED +2 +1

        Activity

          People

            TianL Tian Lee
            jimmydot James Forsyth
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: