[#ODLPARENT-151] yang-parser-impl-1.2.1 contains antlr-4.7.0 version, which has Information Disclosure Vulnerability. Recommendation: Upgrade antlr version to 4.7.1 version

[ODLPARENT-151] yang-parser-impl-1.2.1 contains antlr-4.7.0 version, which has Information Disclosure Vulnerability. Recommendation: Upgrade antlr version to 4.7.1 version Created: 16/Apr/18 Updated: 02/May/18 Resolved: 02/May/18
Status:	Resolved
Project:	odlparent
Component/s:	General
Affects Version/s:	2.0.5
Fix Version/s:	2.0.6

Type:

Bug

Priority:

Medium

Reporter:

Venugopal Gotagi

Assignee:

Robert Varga

Resolution:

Done

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Description

yang-parser-impl-1.2.1 contains antlr-4.7.0 version, which has Information Disclosure Vulnerability. Recommendation: Upgrade antlr version to 4.7.1 version

Comments

Comment by Robert Varga [ 16/Apr/18 ]

https://git.opendaylight.org/gerrit/70962

Comment by Stephen Kitt [ 17/Apr/18 ]

venugopalgotagi, is there any public information about this information disclosure? I’m trying to determine the urgency of this upgrade but haven’t found anything yet.

Generated at Wed Feb 07 20:27:46 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[ODLPARENT-151] yang-parser-impl-1.2.1 contains antlr-4.7.0 version, which has Information Disclosure Vulnerability. Recommendation: Upgrade antlr version to 4.7.1 version Created: 16/Apr/18 Updated: 02/May/18 Resolved: 02/May/18