Details
-
Task
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
1
Description
Exporter 1.0.6 - 5 medium suspect licenses, see table and attached screenshot
Operator 2.3 - 1 medium suspect license, see table and attached screenshot
Service Broker 1.2.0 - 1 medium suspect license
Operator Backup 1.2.0 - 3 mediums per blackduck (2 are lgpl so high on legal's list)
B/Fluent-bit 1.1.3 - no suspect licenses reported per blackduck, see attached screenshot
Operator Logging 1.0.0 - 1 unknown license
| CN component | 3rd party component | risk level | License | Notes |
|---|---|---|---|---|
| Exporter 1.0.6 | errwrapv1.1.0 | med | MPL-2.0 | new. not in 1.0 |
| Exporter | errwrapv1.0.0 | med | MPL-2.0 | new. not in 1.0 |
| Exporter | hashicorp-go-multierrorv1.1.1 | med | MPL-2.0 | new. not in 1.0 |
| Exporter | hashicorp-go-versionv1.2.1 | med | MPL-2.0 | new. not in 1.0 |
| Exporter | hashicorp/hclv1.0.0 | med | MPL-2.0 | new. not in 1.0 |
| Operator 2.3.0 | python-certifi2021.10.8 | med | MPL-2.0 | new for 2.3. not in 2.2 |
| Operator Logging 1.0.0 | Ejectav1.1 | unk | cbd-4632 for Build to fix unknown license looks like this should map to MIT Opensource license |
|
| Service Broker 1.2.0 | hashicorp-golang-lruv0.5.1 | med | MPL-2.0 |  carryforward...not new. included in past releases |
| Operator Backup 1.2.0 | chardet4.0.0 | med/high | LGPL-2.1+ | still showing in operator backup even though chardet removed from Server 7.0 per MB-45440 |
| Operator Backup | websocket-clientv1.0.0 | med/high | LGPL-2.1+ | new license. similar 3rd party component in 2.2 but was under different license. |
| Operator Backup | python-certifi2020.12.5 | med | MPL-2.0 | carryforward...not new. included in past releases |
Attachments
Issue Links
- is cloned by
-
-
- Resolved
-