-
Task
-
Resolution: Done
-
Medium
-
None
-
SDC Sprint 24
LF CLM report identified a vulnerability in the flowing dependency:
group: org.codehaus.groovy
Artifact: groovy
this dependency was identified in:
Dependency org.codehaus.groovy:groovy:jar:2.4.7 located at Module org.openecomp.sdc.onboarding:notifications-fe:war:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.7 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT
the closest version with a fix is 2.4.8
it looks like in a lot of places we use groovy all dependency which brings a lot of things that may not be needed consider replacing with groovy jar or groovy-all-minimale
- mentioned in
-
Page Loading...