Folks, For projects that use oparent, these have been pushed to the SNAPSHOT versions of oparent for elalto, Frankfurt and master (guilin) branches.
This was presented in a Monday PTL meeting, but as a reminder you can find the available oparent versions here: https://wiki.onap.org/pages/viewpage.action?pageId=10783020 If you have any questions please contact me. thanks, Pam Dragsoh From: <[email protected]> on behalf of "ZWARICO, AMY" <[email protected]> Reply-To: "[email protected]" <[email protected]>, "ZWARICO, AMY" <[email protected]> Date: Monday, June 15, 2020 at 12:21 PM To: "[email protected]" <[email protected]> Subject: [onap-discuss] Updating Vulnerable Direct Dependencies ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. Based on some research by the oparent team, I’ve updated the Guilin vulnerability recommendations in all of the project tables. * Spring version: 5.2.7.RELEASE * Jetty-http: 9.4.23.v20200521 * Guava: 29.0-jre * Tomcat-embed-core: 9.0.36 * Bootstrap: 4.5.1 * Jackson-core, jackson-databind: 2.11.0 * Jackson-mapper-asl: replace with jackson-databind 2.11.0 * Webjars jquery: 3.5.1 * Apache.webcomponents httpclient: 4.5.12 Please remember that projects need to provide feedback on their upgrade plans by M1 and complete the upgrades by M2/M3. Best regards, Amy Zwarico, LMTS Chief Security Office / Platform Security AT&T Services (205) 613-1667 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21345): https://lists.onap.org/g/onap-discuss/message/21345 Mute This Topic: https://lists.onap.org/mt/74898235/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
