Story
Resolution: Done
Medium
Address vulnerabilities identified by SECCOM under https://wiki.onap.org/pages/viewpage.action?pageId=84672487
dcaegen2-analytics-tca-gen2
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.8.RELEASE | 8 7 7 | 0.9.12.RELEASE | Completed |
OPEN | 1 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | Completed |
OPEN | 1 | io.undertow : undertow-core : 2.0.27.Final | 9 8 7 7 6 6 9 9 5 | 2.2.2.Final | Completed |
dcaegen2-collectors-datafile
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | commons-io : commons-io : 1.3.2 | 7 | 2.8.0 | |
OPEN | 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9 6 6 | 3.0.0 | |
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.36 | 7 5 | 9.0.39 | |
OPEN | 1 | org.springframework : spring-web : 5.2.8.RELEASE | 9 6 | 5.2.10.RELEASE | |
OPEN | 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | |
onap-dcaegen2-collectors-restconf
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 2 | io.springfox : springfox-swagger2 : 2.9.2 | 5 | 3.0.0 | |
OPEN | 2 | Junit : junit : 4.12 | 4 | org.junit.jupiter » junit-jupiter-api 5.7.0 | |
dcaegen2-collectors-ves
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.8.RELEASE | 8 7 7 | 0.9.12.RELEASE | |
OPEN | 1 | io.springfox : springfox-swagger-ui : 2.9.2 | 9 6 6 | 3.0.0 | |
OPEN | 2 | Junit : junit : 4.12 | 4 | org.junit.jupiter » junit-jupiter-api 5.7.0 | |
dcaegen2-platform-inventory-api
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | Completed |
OPEN | 2 | jetty-server : 9.4.12.v20180830 | 6 5 | 9.4.33.v20201020 | Not done. This update requires upgrading dropwizard to >2 version (currently on 1.3.29) |
OPEN | 2 | jetty-util : 9.4.12.v20180830 | 6 5 | 9.4.33.v20201020 | Completed |
OPEN | 2 | org.hibernate : hibernate-validator : 5.3.6.Final | 6 5 | 6.1.6.Final | Upgraded to version 5.4.3 (supported under dropwizard 1.3.29) |
dcaegen2-platform-mod-runtimeapi
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.springfox : springfox-swagger2 : 2.10.5 | 5 | 3.0.0 | Completed |
dcaegen2-services-mapper
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.4.RELEASE | 8 7 7 | 0.9.12.RELEASE | |
OPEN | 1 | log4j : 1.2.17 | 9 | 2.13.3 (log4j-core) | |
OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | |
OPEN | 2 | org.exist-db.thirdparty.xerces : xercesImpl : 2.12.0 | 5 | 2.12.1 | |
OPEN | 2 | org.javassist : javassist : 3.18.2-GA | 4 | 3.27.0-GA | |
dcaegen2-services-pm-mapper
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | commons-io : commons-io : 2.6 | 7 | 2.8.0 | |
OPEN | 1 | undertow-core : 2.0.30.Final | 7 6 6 5 | 2.2.2.Final | |
dcaegen2-services-prh
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.9.1.RELEASE | 7 7 | 0.9.12.RELEASE | |
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.30 | 9 7 7 7 5 4 4 | 9.0.39 | |
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-websocket : 9.0.30 | 7 | 9.0.39 | |
OPEN | 1 | org.springframework : spring-web : 5.2.7.RELEASE | 9 6 | 5.2.10.RELEASE | |
dcaegen2-services-son-handler
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment |
OPEN | 1 | io.projectreactor.netty : reactor-netty : 0.8.4.RELEASE | 8 7 7 | 0.9.12.RELEASE | |
OPEN | 1 | org.apache.tomcat.embed : tomcat-embed-core : 9.0.36 | 7 5 | 9.0.39 | |
OPEN | 1 | org.postgresql : postgresql : 42.2.5 | 7 | 42.2.18 | |
OPEN | 1 | org.springframework : spring-web : 5.2.7.RELEASE | 9 6 | 5.2.10.RELEASE | |
relates to
- DCAEGEN2-2590 Vulnerability removal for TCAgen2 (Closed)
- DCAEGEN2-2591 Vulnerability removal for datafile collector (Closed)
- DCAEGEN2-2592 Vulnerability removal for restconf collector (Closed)
- DCAEGEN2-2593 Vulnerability removal for ves collector (Closed)
- DCAEGEN2-2594 Vulnerability removal for inventoryAPI (Closed)
- DCAEGEN2-2595 Vulnerability removal for MOD-runtimeAPI (Closed)
- DCAEGEN2-2596 Vulnerability removal for VES-mapper (Closed)
- DCAEGEN2-2597 Vulnerability removal for PM-Mapper (Closed)
- DCAEGEN2-2598 Vulnerability removal for PRH (Closed)
- DCAEGEN2-2599 Vulnerability removal for SON-handler (Closed)
- REQ-439 CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES (In Progress)