-
Sub-task
-
Resolution: Done
-
Medium
-
None
Mapper version revision required as noted on last column
Status | Priority | Component name and version | Threat level | Recommended version | Project’s assessment/Istanbul Target (M2) |
OPEN | 1 | xstream : 1.4.11.1 | 9 9 9 9 9 9 8 8 7 7 7 6 |
1.4.16 | As there is 1.4.17 available with no policy voilation, try upgrading to it for Istanbul |
OPEN | 1 | log4j : 1.2.17 | 9 | 2.14.1 (log4j-core) | 1.2.17 is the latest version; log4j-core is different library. No change for istanbul |
OPEN | 2 | httpclient : 4.5.8 | 5 | 4.5.13 | Update per SECCOM recommended version |
OPEN | 2 | xercesImpl : 2.12.1 | 5 | ??? | Already on latest; no change for istanbul |
OPEN | org.codehaus.groovy : groovy-all : 2.4.14 | 6 | Select 2.4.21: Next version with no policy violation |