A lot seem to just be base spring-boot imports, some are not used. I can look at how we would possibly exclude them. I upgraded today the cxf, dependency, so we should re-run the scan to see if that one goes away at least.
Thanks -Steve From: <[email protected]> on behalf of Marcus G K Williams <[email protected]> Reply-To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Date: Tuesday, August 7, 2018 at 3:48 PM To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Subject: Re: [onap-discuss] [SO] SO Nexus IQ Security Vulnerabilities Hi Seshu, If the issues had been addressed in Beijing, we forgot to cherry pick them to master. But I doubt that because CLM seemed to be broken until recently. The scan is running on jenkings in the CLM job and it is scanning master. Here are the last two jobs run on master (they match vulnerability numbers I stated below): https://jenkins.onap.org/view/so/job/so-maven-clm-master/31/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dmaven-2Dclm-2Dmaster_31_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=SZWmwnBpekGukcnRWoqCGUVLMVrazK9IMbbDHxyz6_M&e=> https://jenkins.onap.org/view/so/job/so-libs-maven-clm-master/47/<https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_so_job_so-2Dlibs-2Dmaven-2Dclm-2Dmaster_47_&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=shs6nPzThSiGJml9VXN0Eg&m=VZISSA4mDEjMVHPnokzzXs1i0jvSvMZc3v8X9-88XUs&s=rI6pwE1JPjvARw0kvAtUxCpxUAD3k2x3asNp1H5oowY&e=> Either way, we should discuss as a community how to tackle these and future security/license issues. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11727): https://lists.onap.org/g/onap-discuss/message/11727 Mute This Topic: https://lists.onap.org/mt/24216241/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
