Task
Resolution: Done
Medium
SDC Sprint 22, SDC Sprint 23
The LF CLM report identified a vulnerability in the following dependency:
Group: org.codehaus.groovy
Artifact: groovy
This dependency was identified in:
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc.be:catalog-dao:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc.be:catalog-model:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:asdctool:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:catalog-be:war:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:test-apis-ci:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:ui-ci:jar:1.3.0-SNAPSHOT
The closest version with a fix is 2.4.8.
It looks like in a lot of places we use the groovy-all dependency, which brings in a lot of things that may not be needed. Consider replacing it with the groovy jar or groovy-all-minimal.
Reopened: need to fix the issue with the indy dependency that is still shown in the CLM report.
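A way to re-check a report after a fix, so that a leftover variant such as the indy artifact is not missed. This is an added example, not SDC project code: the line format is taken from the lines quoted in the ticket, while the `indy` classifier coordinate, the `org.example` modules and all function names are assumptions made for illustration.

```python
import re

GROUP = "org.codehaus.groovy"
FIXED = (2, 4, 8)  # closest fixed version named in the ticket

# First three lines are from the ticket; the last three are constructed samples.
REPORT = """\
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc.be:catalog-dao:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:asdctool:jar:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy:jar:2.4.1 located at Module org.openecomp.sdc:catalog-be:war:1.3.0-SNAPSHOT
Dependency org.codehaus.groovy:groovy-all:jar:indy:2.4.1 located at Module org.example:module-a:jar:1.0
Dependency org.codehaus.groovy:groovy:jar:2.4.8 located at Module org.example:module-b:jar:1.0
Dependency org.example:other-lib:jar:1.0 located at Module org.example:module-b:jar:1.0
"""

LINE_RE = re.compile(r"^Dependency (\S+) located at Module (\S+)$")


def parse_coord(coord):
    """Split group:artifact:type[:classifier]:version into a dict."""
    parts = coord.split(":")
    if len(parts) not in (4, 5):
        raise ValueError(f"unexpected coordinate: {coord!r}")
    classifier = parts[3] if len(parts) == 5 else None
    return {"group": parts[0], "artifact": parts[1],
            "classifier": classifier, "version": parts[-1]}


def version_key(version):
    """Numeric release prefix as a tuple; qualifiers such as -SNAPSHOT are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(n) for n in m.group().split("."))


def find_unfixed(report):
    """Return (module, artifact, classifier, version) for Groovy entries below FIXED."""
    hits = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a dependency line
        dep, module = parse_coord(m.group(1)), parse_coord(m.group(2))
        if dep["group"] == GROUP and version_key(dep["version"]) < FIXED:
            hits.append((module["artifact"], dep["artifact"],
                         dep["classifier"], dep["version"]))
    return hits


if __name__ == "__main__":
    for hit in find_unfixed(REPORT):
        print(hit)
```

Matching on the group rather than on the single `groovy` artifact is what lets the check catch classifier variants that a per-artifact version bump leaves behind.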