  1. Service Design and Creation
  2. SDC-1325

fix security violation SONATYPE-2015-0002


    • SDC Sprint 20, SDC Sprint 24

      LF CLM report identified a vulnerability in the following dependency:

      group: org.apache.logging.log4j

      Artifact: log4j-core

      this dependency was identified in:

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.onap.sdc.common:onap-configuration-management-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.onap.sdc.common:onap-configuration-management-test:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core.tools:openecomp-zusammen-tools:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core:openecomp-heat-lib:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.core:openecomp-tosca-lib:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:action-library-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:validation-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:validation-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc.onboarding:vnf-repository-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:conflict-rest:pom:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:item-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:item-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-conflict-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-action-manager:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-conflict-manager:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-impl:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-enrichment-lib:pom:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-healing-impl:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-impl:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-model-lib:pom:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-tosca-generator-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-tosca-generator-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-translator-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-translator-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-impl:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-manager:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-validation-sdk:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-license-manager:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-core:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-sdc-vendor-software-product-manager:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-tosca-converter-api:jar:1.3.0-SNAPSHOT

      Dependency org.apache.logging.log4j:log4j-core:jar:2.7 located at Module org.openecomp.sdc:openecomp-tosca-converter-core:jar:1.3.0-SNAPSHOT

      the closest version with a fix is 2.8.2

            vempo vempo
            ml636r ml636r

                Original Estimate: 1 day
                Remaining Estimate: 1 day
                Time Spent: Not Specified