oodt-dev mailing list archives

From Tom Barber <...@spicule.co.uk>
Subject CVEs etc
Date Sat, 09 Sep 2017 13:03:49 GMT
Hi folks

This isn't supposed to be an alarmist email, but quite enlightening all the
same.

I saw a link to a plugin on the Drill mailing list called Dependency Check
Report so I wired it into my OODT repo amongst others to see what was
flagged up since the Struts fallout.

Anyway, of course it's unlikely but not out of the question to run OODT
fronting on to the interwebs so I think this is decent food for thought as
to why it's useful to keep dependencies up to date as much as possible.

Here's a selection of the output:

https://www.dropbox.com/s/2ida8dk54yleedo/curator-webapp.html?dl=0
https://www.dropbox.com/s/wgt1facgjhqiqkq/fmbrowser.html?dl=0
https://www.dropbox.com/s/o8kqcaktplzjy4y/metadata.html?dl=0
https://www.dropbox.com/s/cli4pj4jc564f16/pge.html?dl=0

Of course there is a bunch of repetition in there and plenty that aren't
over the top severe, some may also be false positives, but as we work
through to OODT 2.0 with the new stuff and chopping out the old stuff,
reducing these as much as possible I would posture.

Tom
