Hi Seshu, If the issues had been addressed in Beijing, we forgot to cherry pick them to master. But I doubt that because CLM seemed to be broken until recently. The scan is running on jenkings in the CLM job and it is scanning master.
Here are the last two jobs run on master (they match vulnerability numbers I stated below): https://jenkins.onap.org/view/so/job/so-maven-clm-master/31/ https://jenkins.onap.org/view/so/job/so-libs-maven-clm-master/47/ Either way, we should discuss as a community how to tackle these and future security/license issues. Thanks, Marcus Williams IRC, Twitter, etc. @ mgkwill Intel Corp. From: [email protected] [mailto:[email protected]] On Behalf Of seshu kumar m Sent: Tuesday, August 7, 2018 5:58 AM To: [email protected]; Williams, Marcus <[email protected]> Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi Marcus Some of the current vulnerabilities are from Beijing which are addressed in the previous release. We will discuss the details and provide the fix soon after the API review in the SO weekly meeting. Thanks and Regards, M Seshu Kumar Senior System Architect Single OSS India Branch Department. S/W BU. Huawei Technologies India Pvt. Ltd. Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield Bengaluru-560066, Karnataka. Tel: + 91-80-49160700 , Mob: 9845355488 [Company_logo] ___________________________________________________________________________________________________ This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! ------------------------------------------------------------------------------------------------------------------------------------------------------------------- From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marcus G K Williams Sent: Tuesday, August 07, 2018 4:38 AM To: [email protected]<mailto:[email protected]> Subject: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi SO Community, I just checked out SO sections of Nexus IQ Security/Licensing Report. See links below (login with LF user/pass) or attached PDFs. https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/so/71843a6fd9ad4d67904aa35a9aa5a03e https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/so-libs/958a9efb533341f3a0fd5aadd44dd9b3 We have a total of 15 critical and 23 severe security issues, as well as 24 severe licensing issues. It would be good to organize some way to resolve these issues. Maybe we can discuss at the next SO weekly meeting. Thanks, Marcus Williams IRC, Twitter, etc. @ mgkwill Intel Corp. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11726): https://lists.onap.org/g/onap-discuss/message/11726 Mute This Topic: https://lists.onap.org/mt/24216241/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
