Hi Lusheng Ji, I was reviewing the known vulnerability analysis for DCAE, thank-you for the information in the template (https://wiki.onap.org/pages/viewpage.action?pageId=28377647). Regarding the use of Jackson-core and Jackson-data bind, I was not sure whether the use of these exposes the vulnerabilities or not? Please see the MSB analysis for they way it was viewed there (https://wiki.onap.org/pages/viewpage.action?pageId=25439016)
BR, Steve [Ericsson]<http://www.ericsson.com/> STEPHEN TERRILL Technology Specialist POA Architecture and Solutions Business Unit Digital Services Ericsson Ericsson R&D Center, via de los Poblados 13 28033, Madrid, Spain Phone +34 339 3005 Mobile +34 609 168 515 [email protected] www.ericsson.com [http://www.ericsson.com/current_campaign]<http://www.ericsson.com/current_campaign> Legal entity: Ericsson EspaƱa S.A, compay registration number ESA288568603. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<http://www.ericsson.com/email_disclaimer>
_______________________________________________ ONAP-TSC mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-tsc
