-
Task
-
Resolution: Done
-
Medium
-
None
-
SDC Sprint 24
LF CLM report identified a vulnerability in the flowing dependency:
group: org.apache.cxf
Artifact: cxf-rt-transports-http
this dependency was identified in:
**Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:action-library-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:validation-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-types:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vnf-repository-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:application-config-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:conflict-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:healthcheck-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:item-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:notifications-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:togglz-rest-services:jar:1.3.0-SNAPSHOT
Dependency org.apache.cxf:cxf-rt-transports-http:jar:2.2.2 located at Module org.openecomp.sdc.onboarding:notifications-fe:war:1.3.0-SNAPSHOT
the closest version with a fix is 3.1.16