More Secure Than Ever!
Our OpenDaylight feature-set introduces Sonalake Lift for improving overall code reliability, quality and security, making our latest release the most security-focused so far.
Above all – lighty.io has completely fixed its log4j dependencies and updated them to fix this well known security vulnerability in 15.2.0.
Our team replaced slf4j-log4j12 with slf4j-reload4j, while fixing SpringBoot log4j vulnerabilities.
Changes & Improvements
OpenDaylight Phosphorus SR2, in which PANTHEON.tech was heavily involved in, has made important updates to its projects. lighty.io 15.2.0 will keep up with these dependencies:
Updated upstream dependencies to Phosphorus SR2 release versions:
- ODLParent – 9.0.13
- AAA – 0.14.10
- Controller – 4.0.10
- InfraUtils – 2.0.13
- MD-SAL – 8.0.12
- NETCONF – 2.0.14
- YANG Tools – 7.0.14
- Add option to load YANG models from class path inside gNMI SB
- Add module time-out to RNC & RCgNMI helm charts
- Workaround fix for OpenConfig regex pattern matching problem
- Upgrade and unify usage of lighty-codecs-util
- Fix reported Snyk issues
- Fix lighty-controller-spring-di test
- Set Alpine version inside Docker to 3.15.0
- Fixed closing of lighty.io apps and add option to increase time-out