https://bugzilla.redhat.com/show_bug.cgi?id=1591929
--- Comment #7 from James Hebden jhebden@redhat.com --- Whilst the shipped versions of Open Dayight ship artifacts which fall within the affected versions ("older unsupported versions"), this flaw only has impact in the presence of an existing XSS flaw. Given there are currently no XSS flaws in the shipped versions, and the libraries themselves are not used in a vulnerable way, no package update to mitigate this flaw for Open Daylight is required.