  1. Policy Framework
  2. POLICY-4406

Mitigate vulnerable dependencies in CDS


      CDS pulls in a number of dependencies, some of which are vulnerable.

       

      Ideally, it would be good to work towards CDS over an API. Alternatively, the dependencies should be updated to versions that do not have vulnerabilities.

       

      Check the CLM reports for models, apex-pdp, and drools-pdp, especially for:

      io.grpc:grpc-core

      The following dependencies are overridden in policy-parent integration but it would be better to have them corrected in CDS:

      <dependency>
          <groupId>com.google.protobuf</groupId>
          <artifactId>protobuf-java</artifactId>
          <version>3.21.7</version>
      </dependency>

      <dependency>
          <groupId>org.jetbrains.kotlin</groupId>
          <artifactId>kotlin-daemon-client</artifactId>
          <version>1.7.20</version>
      </dependency>

      <dependency>
          <groupId>org.jetbrains.kotlin</groupId>
          <artifactId>kotlin-scripting-jvm</artifactId>
          <version>1.7.20</version>
      </dependency>
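
One way to confirm that the overrides listed above actually take effect in a given module, as an added example that is not part of the issue or of the project's code: it scans text captured from `mvn dependency:tree`, flags the three artifacts when they resolve below the listed versions, and reports `io.grpc:grpc-core` for manual review. The sample tree, the module name and the resolved versions in it are constructed, and version comparison is simplified to numeric components.

```python
import re

# Minimum versions taken from the overrides listed in the issue.
PINNED = {
    ("com.google.protobuf", "protobuf-java"): "3.21.7",
    ("org.jetbrains.kotlin", "kotlin-daemon-client"): "1.7.20",
    ("org.jetbrains.kotlin", "kotlin-scripting-jvm"): "1.7.20",
}
# Named in the issue without a target version, so it is only reported.
REPORT_ONLY = {("io.grpc", "grpc-core")}

# group:artifact:type[:classifier]:version[:scope] as printed by dependency:tree
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")


def vtuple(version):
    # Simplification: compare numeric components only, ignoring qualifiers.
    return tuple(int(n) for n in re.findall(r"\d+", version))


def audit(tree_text):
    """Return (artifact, resolved_version, note) for each entry needing attention."""
    findings = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        parts = match.group(0).split(":")
        key = (parts[0], parts[1])
        version = parts[4] if len(parts) == 6 else parts[3]
        if key in PINNED and vtuple(version) < vtuple(PINNED[key]):
            findings.append((":".join(key), version, "below " + PINNED[key]))
        elif key in REPORT_ONLY:
            findings.append((":".join(key), version, "review in CLM report"))
    return findings


# Constructed sample output; module name and resolved versions are made up.
SAMPLE_TREE = r"""
[INFO] org.example:sample-module:jar:1.0.0
[INFO] +- com.google.protobuf:protobuf-java:jar:3.19.2:compile
[INFO] +- io.grpc:grpc-core:jar:1.40.0:compile
[INFO] +- org.jetbrains.kotlin:kotlin-scripting-jvm:jar:1.7.20:compile
[INFO] \- org.jetbrains.kotlin:kotlin-daemon-client:jar:1.6.21:runtime
"""

if __name__ == "__main__":
    for artifact, version, note in audit(SAMPLE_TREE):
        print(f"{artifact} resolved to {version}: {note}")
```
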

            adheli.tavares Adheli Tavares
            liamfallon liamfallon