  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-2551

REQ-439 DCAE Vulnerability updates for Honolulu


      Address vulnerabilities identified by SECCOM under https://wiki.onap.org/pages/viewpage.action?pageId=84672487

       

      dcaegen2-analytics-tca-gen2

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.8.RELEASE | 8, 7, 7 | 0.9.12.RELEASE | Completed |
      | OPEN | 1 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | Completed |
      | OPEN | 1 | io.undertow : undertow-core : 2.0.27.Final | 9, 8, 7, 7, 6, 6, 9, 9, 5 | 2.2.2.Final | Completed |

      dcaegen2-collectors-datafile

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | commons-io : commons-io : 1.3.2 | 7 | 2.8.0 | |
      | OPEN | 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9, 6, 6 | 3.0.0 | |
      | OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.36 | 7, 5 | 9.0.39 | |
      | OPEN | 1 | org.springframework : spring-web : 5.2.8.RELEASE | 9, 6 | 5.2.10.RELEASE | |
      | OPEN | 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | |

      onap-dcaegen2-collectors-restconf

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | |
      | OPEN | 2 | Junit : junit : 4.12 | 4 | org.junit.jupiter » junit-jupiter-api 5.7.0 | |

      dcaegen2-collectors-ves

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.8.RELEASE | 8, 7, 7 | 0.9.12.RELEASE | |
      | OPEN | 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9, 6, 6 | 3.0.0 | |
      | OPEN | 2 | Junit : junit : 4.12 | 4 | org.junit.jupiter » junit-jupiter-api 5.7.0 | |

      dcaegen2-platform-inventory-api

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | Completed |
      | OPEN | 2 | jetty-server : 9.4.12.v20180830 | 6, 5 | 9.4.33.v20201020 | Not done. This update requires upgrading dropwizard to >2 version (currently on 1.3.29) |
      | OPEN | 2 | jetty-util : 9.4.12.v20180830 | 6, 5 | 9.4.33.v20201020 | Completed |
      | OPEN | 2 | org.hibernate : hibernate-validator : 5.3.6.Final | 6, 5 | 6.1.6.Final | Upgraded to version 5.4.3 (supported under dropwizard 1.3.29) |

      dcaegen2-platform-mod-runtimeapi

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.springfox : springfox-swagger2 : 2.10.5 | 5 | 3.0.0 | Completed |

      dcaegen2-services-mapper

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.4.RELEASE | 8, 7, 7 | 0.9.12.RELEASE | |
      | OPEN | 1 | log4j : 1.2.17 | 9 | 2.13.3 (log4j-core) | |
      | OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | |
      | OPEN | 2 | org.exist-db.thirdparty.xerces : xercesImpl : 2.12.0 | 5 | 2.12.1 | |
      | OPEN | 2 | org.javassist : javassist : 3.18.2-GA | 4 | 3.27.0-GA | |

      dcaegen2-services-pm-mapper

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | commons-io : commons-io : 2.6 | 7 | 2.8.0 | |
      | OPEN | 1 | undertow-core : 2.0.30.Final | 7, 6, 6, 5 | 2.2.2.Final | |

      dcaegen2-services-prh

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.9.1.RELEASE | 7, 7 | 0.9.12.RELEASE | |
      | OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.30 | 9, 7, 7, 7, 5, 4, 4 | 9.0.39 | |
      | OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.30 | 7 | 9.0.39 | |
      | OPEN | 1 | org.springframework : spring-web : 5.2.7.RELEASE | 9, 6 | 5.2.10.RELEASE | |

      dcaegen2-services-son-handler

      | Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
      |---|---|---|---|---|---|
      | OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.4.RELEASE | 8, 7, 7 | 0.9.12.RELEASE | |
      | OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.36 | 7, 5 | 9.0.39 | |
      | OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | |
      | OPEN | 1 | org.springframework : spring-web : 5.2.7.RELEASE | 9, 6 | 5.2.10.RELEASE | |

            vv770d vv770d
            vv770d vv770d