Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: Backlog
Affects Version/s: None
Component/s: None
Labels:
None

Description

Some CVE issues exist in fuse bundles:

unpacked/devstudio-12.9.0.AM2-v20180808-0721-B3149-updatesite-core/

org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs/camel-core-2.15.1.redhat-621216.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs
org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs/camel-core-2.17.0.redhat-630347.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/spi-annotations
org.fusesource.ide.camel.model.service.impl.v2203_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2210fuse000077redhat1_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl_11.1.0.v20180801-0947.jar/libs
org.fusesource.ide.jmx.activemq_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.wsdl2rest_11.1.0.v20180807-1302.jar/libs

– https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/

Verification: check if we have fewer CVEs after updating to newer version of fuse 11.1.x:

https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. #103
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. build #87

Attachments

Issue Links

clones

JBIDE-26299 [Red Hat Central] Update to latest Sonarlint 3.6

Closed

is cloned by

JBIDE-26302 Reduce CVE issues in JBT seam bundles

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Nick Boldt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018/08/10 1:14 PM

Updated:: 2024/03/27 11:58 AM