diff options
author | Dan Timoney <dtimoney@att.com> | 2022-03-23 19:43:18 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2022-03-24 12:43:42 +0000 |
commit | 3d4c5dfb9e185c1e93a246c5b0d4462931aebb89 (patch) | |
tree | 363859a097510f124eb0d937ffeba26e7439d1b9 /docs/release-notes.rst | |
parent | 6e99580c2a69d2cbd2994dc51e6f305313248a91 (diff) |
Document transitive log4j dependencies
Document log4j 1.x transitive dependencies in release notes
Issue-ID: CCSDK-3602
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: If32331b32062f386c5beb39e86db8ad36ba4d27a
(cherry picked from commit d94fe513dcb5e0ab5f51bb0ad59f5cd8198751f5)
Diffstat (limited to 'docs/release-notes.rst')
-rw-r--r-- | docs/release-notes.rst | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 217c2bd9..4b6e2c05 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -64,6 +64,28 @@ The full list of `bugs fixed in the CCSDK Istanbul release <https://jira.onap.o The full list of `known issues in CCSDK <https://jira.onap.org/issues/?filter=11341>`_ is maintained on the `ONAP Jira`_. +It should be noted that several CCSDK repositories have a transitive dependency on log4j version 1.x. While this version +is not vulnerable to the recent 'log4shell' vulnerability, there are other known vulnerabilities in this +version. The following table summarizes where log4j 1.x is currently used in CCSDK: + ++----------------+-----------------------------------------------------------------------------------+ +| Repository | Transitive dependencies | ++================+===================================================================================+ +| ccsdk/apps | org.onap.aaf.authz:aaf-misc-env:2.1.21 -> log4j:log4j:1.2.17 | ++----------------+-----------------------------------------------------------------------------------+ +| ccsdk/cds | org.hibernate:hibernate-testing:jar:5.4.32.Final -> log4j:log4j:1.2.17 | ++----------------+-----------------------------------------------------------------------------------+ +| | org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:1.1.5 -> log4j:log4j:1.2.17 | ++----------------+-----------------------------------------------------------------------------------+ +| ccsdk/features | org.onap.aaf.authz:aaf-misc-env:2.1.21 -> log4j:log4j:1.2.17 | ++----------------+-----------------------------------------------------------------------------------+ +| | org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:1.1.12 -> log4j:log4j:1.2.17 | ++----------------+-----------------------------------------------------------------------------------+ +| ccsdk/sli | org.onap.dmaap.messagerouter.dmaapclient:dmaapClient:1.1.12 -> log4j:log4j:1.2.17 | | ++----------------+-----------------------------------------------------------------------------------+ + + + Deliverables ------------ |