-
Bug
-
Resolution: Done
-
Medium
-
Beijing Release
-
None
-
None
There is a bunch of security issues after the scan for PRH component:
- Licensing - we need alternatives licensed under Apache2/MIT to cover:
- com.github.jnr: jnr-posix 3.0.12
- As quick fix we can update to: 3.0.27 or 3.0.44
- org.glassfish.jersey.connectors:jersey-apache-connector 2.22.2
- As quick fix, we can update to: 2.25.1
- com.github.jnr: jnr-posix 3.0.12
- Security:
- Bouncycastle 1.52–> Upgrade to 1.56 at least
- Plexus --> Upgrade to 3.0.24 or higher
- Jackson --> Upgrde to 2.9.5 (released March 2018)
- relates to
-
DCAEGEN2-393 PRH micro-service
- Closed