From d8c81e748f1db2fbd2bdd810671d90894af35d69 Mon Sep 17 00:00:00 2001 From: sa282w Date: Mon, 2 Apr 2018 11:33:14 -0400 Subject: Security Vunerabilities Issue-ID: PORTAL-155 Excluded beanshell dependency from epsdk-common, epsdk-core and epsdk-fw pom.xml. Change-Id: I068bd1134269a162a64710abc92aacf9cbba32d3 Signed-off-by: sa282w --- ecomp-sdk/epsdk-app-common/pom.xml | 24 +++++++++++++--------- ecomp-sdk/epsdk-app-os/pom.xml | 10 ++++----- ecomp-sdk/epsdk-core/pom.xml | 34 ++++++++++++++++-------------- ecomp-sdk/epsdk-fw/pom.xml | 16 ++++++++++++--- ecomp-sdk/epsdk-music/pom.xml | 42 +++++++++++++++++++------------------- 5 files changed, 72 insertions(+), 54 deletions(-) diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml index 6e4f9e19..f31aa797 100644 --- a/ecomp-sdk/epsdk-app-common/pom.xml +++ b/ecomp-sdk/epsdk-app-common/pom.xml @@ -172,11 +172,11 @@ org.elasticsearch elasticsearch 2.2.0 - - - org.apache.lucene - lucene-queryparser - + + + org.apache.lucene + lucene-queryparser + @@ -242,7 +242,7 @@ org.owasp.esapi esapi 2.1.0 - + commons-beanutils commons-beanutils-core @@ -251,7 +251,7 @@ commons-httpclient commons-httpclient - + xerces xercesImpl @@ -259,6 +259,10 @@ commons-collections commons-collections + + org.beanshell + bsh-core + @@ -268,7 +272,6 @@ ${jacoco.version} runtime - com.thoughtworks.xstream xstream @@ -309,8 +312,9 @@ xalan xalan 2.7.2 - - + + + xerces xercesImpl 2.11.0.SP5 diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml index ff5ce26b..d904d68f 100644 --- a/ecomp-sdk/epsdk-app-os/pom.xml +++ b/ecomp-sdk/epsdk-app-os/pom.xml @@ -307,11 +307,11 @@ org.elasticsearch elasticsearch 2.2.0 - - - org.apache.lucene - lucene-queryparser - + + + org.apache.lucene + lucene-queryparser + diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml index 8fd5a6ee..1bdb1490 100644 --- a/ecomp-sdk/epsdk-core/pom.xml +++ b/ecomp-sdk/epsdk-core/pom.xml @@ -319,11 +319,11 @@ org.elasticsearch elasticsearch 2.2.0 - - - org.apache.lucene - lucene-queryparser - + + + org.apache.lucene + lucene-queryparser + @@ -348,7 +348,7 @@ org.owasp.esapi esapi 2.1.0.1 - + commons-beanutils commons-beanutils-core @@ -357,9 +357,13 @@ commons-httpclient commons-httpclient - - xerces - xercesImpl + + xerces + xercesImpl + + + org.beanshell + bsh-core @@ -434,12 +438,12 @@ xalan xalan 2.7.2 - - - xerces - xercesImpl - 2.11.0.SP5 - + + + xerces + xercesImpl + 2.11.0.SP5 + diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml index 62600840..55f68744 100644 --- a/ecomp-sdk/epsdk-fw/pom.xml +++ b/ecomp-sdk/epsdk-fw/pom.xml @@ -107,6 +107,10 @@ commons-httpclient commons-httpclient + + org.beanshell + bsh-core + @@ -145,6 +149,12 @@ resteasy-spring ${resteasy.version} test + + + org.apache.httpcomponents + httpclient + + org.jboss.resteasy @@ -189,9 +199,9 @@ 1.3.3 - commons-beanutils - commons-beanutils - 1.9.3 + commons-beanutils + commons-beanutils + 1.9.3 diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml index e5ee7a68..6429518f 100644 --- a/ecomp-sdk/epsdk-music/pom.xml +++ b/ecomp-sdk/epsdk-music/pom.xml @@ -125,7 +125,7 @@ org.onap.music core 2.4.4.2 - + @@ -201,26 +201,26 @@ - maven-assembly-plugin - - - - - - - jar-with-dependencies - - - - - make-assembly - package - - single - - - - + maven-assembly-plugin + + + + + + + jar-with-dependencies + + + + + make-assembly + package + + single + + + + -- cgit 1.2.3-korg