Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.2.0][Dependency Upgrade] Analyze Trivy scan reports #1302

Closed
msm1992 opened this issue Jan 23, 2023 · 1 comment
Closed

[4.2.0][Dependency Upgrade] Analyze Trivy scan reports #1302

msm1992 opened this issue Jan 23, 2023 · 1 comment
Assignees
@msm1992
Labels
4.2.0-beta Component/APIM Component/MI Component/SI Priority/Normal Type/Task
Milestone
4.2.0-Beta

Comments

@msm1992
Copy link

msm1992 commented Jan 23, 2023
edited
Loading

Description

This issue is created to track progress on trivy scan report analysis on APIM, MI and SI 4.2.0.

scan reports : #1220 (comment)

Affected Component

None

Version

No response

Related Issues

No response

Suggested Labels

No response
@msm1992 msm1992 self-assigned this Jan 23, 2023
@msm1992
Copy link
Author

msm1992 commented Jan 23, 2023

  • Following components in APIM 4.2.0 were identifies as need to be upgraded.
component group id current version version to be upgraded to severity
protobuf-java com.google.protobuf 3.19.3 3.21.7 High
commons-httpclient commons-httpclient.wso2 3.1.0.wso2v6   Medium
json-path net.minidev 2.4   Critical
jsoup org.jsoup 1.14.3 1.15.3 Medium
pax-logging-log4j2 org.ops4j.pax.logging 1.10.1 1.11.10 Critical
spring   5.3.19 6.0.0/5.3.20 Critical
callhome   4.5.x_1.0.13 4.5.x_1.0.15

  • In MI 4.2.0 only jsoup(1.14.3 -> 1.15.3) was identified as need to be upgraded. be upgraded.

  • In MI Dashboard 4.2.0 no new CVEs were found

  • In MI 4.2.0 only guava was identified as need to be upgraded. be upgraded.

@msm1992 msm1992 closed this as completed Jan 23, 2023
@msm1992 msm1992 mentioned this issue Jan 23, 2023
Closed
@npamudika npamudika added this to the 4.2.0-Beta milestone Jan 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msm1992 msm1992

Labels
4.2.0-beta Component/APIM Component/MI Component/SI Priority/Normal Type/Task
Projects
None yet
Milestone
4.2.0-Beta
Development

No branches or pull requests
2 participants
@npamudika @msm1992