-
Task
-
Resolution: Done
-
Medium
-
None
-
SDC Sprint 20, SDC Sprint 24
LF CLM report identified a vulnerability in the flowing dependency:
group: org.apache.logging.log4j
Artifact: log4j-core
this dependency was identified in:
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.onap.sdc.common:onap-configuration-management-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.onap.sdc.common:onap-configuration-management-test:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core.tools:openecomp-zusammen-tools:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core:openecomp-heat-lib:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core:openecomp-tosca-lib:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:action-library-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:validation-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:validation-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vnf-repository-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest:pom:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:item-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:item-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-conflict-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-action-manager:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-conflict-manager:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-impl:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-lib:pom:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-impl:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-impl:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-lib:pom:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-tosca-generator-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-tosca-generator-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-translator-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-translator-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-impl:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-manager:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-sdk:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-license-manager:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-core:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-manager:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-tosca-converter-api:jar:1.3.0-SNAPSHOT
Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-tosca-converter-core:jar:1.3.0-SNAPSHOT
the closest version with a fix is 2.8.2
- mentioned in
-
Page Loading...