-
Task
-
Resolution: Done
-
Medium
-
None
-
SDC Sprint 24
LF CLM report identified a vulnerability in the flowing dependency:
group: org.eclipse.jetty
Artifact: jetty-http
this dependency was identified in:
Dependency org.eclipse.jetty:jetty-http:jar:9.0.6.v20130930 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT
Dependency org.eclipse.jetty:jetty-http:jar:9.3.6.v20151106 located at Module org.openecomp.sdc.onboarding:notifications-fe:war:1.3.0-SNAPSHOT
the closest version with a fix is 9.4.11.v20180605
Note this may require updating the jetty used in the deployment.