lighty.io’s previous release, 15.1.0, showcased its apps being compatible with Kubernetes environments. In 15.2.0, we are presenting security and general improvements to lighty.io’s latest release.
Just in time to keep up with OpenDaylight’s Phosphorus SR2 Release.
More Secure Than Ever!
Our OpenDaylight feature-set introduces Sonalake Lift for improving overall code reliability, quality and security, making our latest release the most security-focused so far.
Above all – lighty.io has completely fixed its log4j dependencies and updated them to fix this well known security vulnerability in 15.2.0.
Our team replaced slf4j-log4j12 with slf4j-reload4j, while fixing SpringBoot log4j vulnerabilities.
Changes & Improvements
OpenDaylight Phosphorus SR2, in which PANTHEON.tech was heavily involved in, has made important updates to its projects. lighty.io 15.2.0 will keep up with these dependencies:
Updated upstream dependencies to Phosphorus SR2 release versions:
- ODLParent – 9.0.13
- AAA – 0.14.10
- Controller – 4.0.10
- InfraUtils – 2.0.13
- MD-SAL – 8.0.12
- NETCONF – 2.0.14
- YANG Tools – 7.0.14
- Add option to load YANG models from class path inside gNMI SB
- Add module time-out to RNC & RCgNMI helm charts
- Workaround fix for OpenConfig regex pattern matching problem
- Upgrade and unify usage of lighty-codecs-util
- Fix reported Snyk issues
- Fix lighty-controller-spring-di test
- Set Alpine version inside Docker to 3.15.0
- Fixed closing of lighty.io apps and add option to increase time-out