Details

    • Type: Task
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: None
    • Labels:
      None

      Description

      Some CVE issues exist in fuse bundles:

      unpacked/devstudio-12.9.0.AM2-v20180808-0721-B3149-updatesite-core/
      org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs
      org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs/camel-core-2.15.1.redhat-621216.jar/META-INF/maven/org.apache.camel/camel-core
      org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs
      org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs/camel-core-2.17.0.redhat-630347.jar/META-INF/maven/org.apache.camel/camel-core
      org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs
      org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/camel-core
      org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/spi-annotations
      org.fusesource.ide.camel.model.service.impl.v2203_11.1.0.v20180723-1842.jar/libs
      org.fusesource.ide.camel.model.service.impl.v2210fuse000077redhat1_11.1.0.v20180723-1842.jar/libs
      org.fusesource.ide.camel.model.service.impl_11.1.0.v20180801-0947.jar/libs
      org.fusesource.ide.jmx.activemq_11.1.0.v20180723-1842.jar/libs
      org.fusesource.ide.wsdl2rest_11.1.0.v20180807-1302.jar/libs

      https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/

      Verification: check if we have fewer CVEs after updating to newer version of fuse 11.1.x:

      https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. #103
      https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. build #87

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  nickboldt Nick Boldt
                  Reporter:
                  nickboldt Nick Boldt
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated: