Uploaded image for project: 'Vnfsdk'
  1. Vnfsdk
  2. VNFSDK-368

Fix VNFSDK Functest vulnerabilities

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: High High
    • Dublin Release
    • None
    • None

      2019/4/17:

      https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/onap-vnfsdk-functest/0d86c12a622d4a0eb9aa366706ee6c66

      com.h2 database:

      We update the version of h2 to 1.4.199, currently the threat level is 6. this is not only used during the unit-testing, just this Component named function-test.

      com.github.roskart.dropwizard-jaxws : dropwizard-jaxws-example v.1.0.5 has 10 CVE's

      Yes, we confirmed. and we are also searching for the alternative.

      org.postgresql : postgresql : 42.2.5, 

      the related CVE is marked as disputed (see https://nvd.nist.gov/vuln/detail/CVE-2019-9193 for further details). and it's commonly used and without newer version. we'd like to ask exception for it. 

      Jackson:  we are working on using the Gson as the Alternative of jackson

       

        1. image-2019-02-18-20-52-21-352.png
          image-2019-02-18-20-52-21-352.png
          86 kB

            kailun.qin kailun.qin
            g310497 g310497
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: