Hi Steve, We are using “BounceyCastle” for part of the CA work. I will have to look into whether I can remove easily.
Io.netty and org.apache.httpcomponents are derived dependencies from Cassandra. I’m making inquiries as to what Cassandra Versions we can use to get free of License issues as well as whatever flaws you have noted. -- Jonathan Gathman Principled-System Architect ATO Tech Dev/SEAT/Platform Architecture and Technology Management AT&T Services, Inc. 2349 Oaker, Arnold, MO 63010 m 314-550-3312 | jonathan.gath...@us.att.com<mailto:jonathan.gath...@us.att.com> From: RAMPRASAD KOYA <rk5...@att.com> Date: Monday, April 2, 2018 at 5:39 PM To: Stephen Terrill <stephen.terr...@ericsson.com>, "GATHMAN, JONATHAN C" <jg1...@att.com>, "GANDHAM, SAI" <sg4...@att.com> Cc: "onap-sec...@lists.onap.org" <onap-sec...@lists.onap.org>, onap-tsc <onap-tsc@lists.onap.org> Subject: RE: Known vulnerability analysis of AAF Sai, Jonathan – Any thoughts on this? From: Stephen Terrill [mailto:stephen.terr...@ericsson.com] Sent: Monday, April 02, 2018 2:59 AM To: KOYA, RAMPRASAD <rk5...@att.com> Cc: onap-sec...@lists.onap.org; onap-tsc <onap-tsc@lists.onap.org> Subject: Known vulnerability analysis of AAF Hi Ram, Thanks for the review of the known vulnerabilities for AAF: https://wiki.onap.org/pages/viewpage.action?pageId=28380057<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_pages_viewpage.action-3FpageId-3D28380057&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=Or0_YpjagYRDcwyBx4e_hA&m=m7bec1S9mlFSXfYn-EU9loqPwno_PiLAP_5c_phTUuw&s=U9ikNdWnDgTcZQ-6_8SkfPfbUp4xAun9_XdlhSshM0k&e=> I note that the actions are still work in progress – do you have an estimated time for the analysis. In the analysis, it would be great if you consider whether the way that AAF uses the imported artefacts to be clear on whether AAF is exposed to the vulnerability. Best Regards, Steve [Image removed by sender. Ericsson]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=Or0_YpjagYRDcwyBx4e_hA&m=m7bec1S9mlFSXfYn-EU9loqPwno_PiLAP_5c_phTUuw&s=xXMt5NK9j-a9syrmXv-y-1egMJ0qUr0u9kukYPKguM8&e=> STEPHEN TERRILL Technology Specialist POA Architecture and Solutions Business Unit Digital Services Ericsson Ericsson R&D Center, via de los Poblados 13 28033, Madrid, Spain Phone +34 339 3005 Mobile +34 609 168 515 stephen.terr...@ericsson.com<mailto:stephen.terr...@ericsson.com> www.ericsson.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=Or0_YpjagYRDcwyBx4e_hA&m=m7bec1S9mlFSXfYn-EU9loqPwno_PiLAP_5c_phTUuw&s=_Bai0JhwE2CQkBeSCL4oHQc5t7W3NzMfx9uGyuBy7VM&e=> [Image removed by sender. http://www.ericsson.com/current_campaign]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_current-5Fcampaign&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=Or0_YpjagYRDcwyBx4e_hA&m=m7bec1S9mlFSXfYn-EU9loqPwno_PiLAP_5c_phTUuw&s=N1luyU_lHOndteHzeSgGVPlpOiveSTKzxItR3mPZPwE&e=> Legal entity: Ericsson España S.A, compay registration number ESA288568603. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_email-5Fdisclaimer&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=Or0_YpjagYRDcwyBx4e_hA&m=m7bec1S9mlFSXfYn-EU9loqPwno_PiLAP_5c_phTUuw&s=RarBWYqbNQ3Xaqe79nrk7W1zVT6ScYuGUXnGLilKTrY&e=>
_______________________________________________ ONAP-TSC mailing list ONAP-TSC@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-tsc