Topics

#portal #policy Security Vulnerability in ONAP Portal | Unsupported Tomcat Version #portal #policy

Kumar Skand Priya, Viswanath V <viswanath.kumarskandpriya@...>
 

Hi ONAP Portal / Policy engine team,

We deployed ONAP R2 in our Ops lab and let our Ops team to try and play with ONAP. As part of their routine security scanning, they found that Tomcat versions of Portal & Policy engine is old and already EOL and brought it down immediately.

We then manually upgraded webserver version to proceed. Just wanted to let the community know this and take action.

Projects

Apache Tomcat

Beijing

Master

AAI/esr-gui

8.5.23

8.5.23

Policy/engine

8.0.37

8.0.37

Portal

8.0.37

8.0.37

UUI

8.5.23

8.5.23

VFC

8.5.30

8.5.30

VNFSDK

8.5.31

8.5.30



Projects

Jetty

Beijing

Master

AAI

9.4.6.v20170531

9.4.11.v20180605

AAF

9.3.9.v20160517

9.4.12.v20180830

Dmaap/bus-controller

9.3.7.v20160115

9.3.8.RC0

Dmaap/dbcapi

9.3.9.v20160517

9.3.8.RC0

Msb/discovery

9.4.8.v20171121

9.4.11.v20180605

Policy/drools-pdp

9.3.20.v20170531

9.3.20.v20170531

Policy/engine

9.2.3.v20140905

9.2.3.v20140905

Sdc

9.2.22.v20170606

9.4.11.v20180605


BR,
Viswa



Viswanath Kumar Skand Priya
Senior Architect
Technology, Architecture & Planning