Uploaded image for project: 'Data Collection, Analytics, and Events'
  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-426

Security issues to be addressed for PRH

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Medium Medium
    • Beijing Release
    • Beijing Release
    • None
    • None

      There is a bunch of security issues after the scan for PRH component:

      1. Licensing - we need alternatives licensed under Apache2/MIT to cover:
        1. com.github.jnr: jnr-posix 3.0.12
          1. As quick fix we can update to: 3.0.27 or 3.0.44 
        2. org.glassfish.jersey.connectors:jersey-apache-connector 2.22.2
          1. As quick fix, we can update to: 2.25.1 
      2. Security:
        1. Bouncycastle 1.52–> Upgrade to 1.56 at least
        2. Plexus --> Upgrade to 3.0.24 or higher
        3. Jackson --> Upgrde to 2.9.5 (released March 2018)

            przemyslaw.wasala przemyslaw.wasala
            deen1985 deen1985
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: