Hi Michael, Thanks for the known vulnerability analysis (https://wiki.onap.org/pages/viewpage.action?pageId=28377537). I had a few questions:
For aaf-authz-docker (com.thoughtworks.xstream), I couldn't quite understand the analysis and your understanding of the exposure that SDC has to the vulnerability? Are the JIRA numbers SDC-805 & SDC-807? For sdc-sdc-tosca (com.fasterxml.jackson.core), are you using jakson-databind in such a way that the vulnerability is exposed? See the msb analysis for reference: (https://wiki.onap.org/pages/viewpage.action?pageId=25439016)? BR, Steve [Ericsson]<http://www.ericsson.com/> STEPHEN TERRILL Technology Specialist POA Architecture and Solutions Business Unit Digital Services Ericsson Ericsson R&D Center, via de los Poblados 13 28033, Madrid, Spain Phone +34 339 3005 Mobile +34 609 168 515 [email protected] www.ericsson.com [http://www.ericsson.com/current_campaign]<http://www.ericsson.com/current_campaign> Legal entity: Ericsson EspaƱa S.A, compay registration number ESA288568603. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<http://www.ericsson.com/email_disclaimer>
_______________________________________________ ONAP-TSC mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-tsc
