Hi Randa, I was reviewing the analysis of the known vulnerabilities of APPC and I had a few questions (https://wiki.onap.org/pages/viewpage.action?pageId=25438971 ). Thank-you for the good analysis.
What I understand is that the known vulnerabilities that impact APPC are mainly related to Jackson-mapper-asl. Some of the comments indicate that you need to change to the Jackson-jars code. Is that something that is done, or planned to be done? I was unclear whether the way APPC uses Jackson whether it exposes the vulnerability or not, could you please clarify that. Please have a look at the analysis given by MSB (https://wiki.onap.org/pages/viewpage.action?pageId=25439016) for how they viewed it. Then the aaf-authz-docker - I wasn't sure why you stated that it wasn't applicable to you? Best Regards, Steve. [Ericsson]<http://www.ericsson.com/> STEPHEN TERRILL Technology Specialist POA Architecture and Solutions Business Unit Digital Services Ericsson Ericsson R&D Center, via de los Poblados 13 28033, Madrid, Spain Phone +34 339 3005 Mobile +34 609 168 515 [email protected] www.ericsson.com [http://www.ericsson.com/current_campaign]<http://www.ericsson.com/current_campaign> Legal entity: Ericsson EspaƱa S.A, compay registration number ESA288568603. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<http://www.ericsson.com/email_disclaimer>
_______________________________________________ ONAP-TSC mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-tsc
