From 3e50733288604e3367b535c18963f28ba3dc7bc6 Mon Sep 17 00:00:00 2001
From: "Lee, Tian (tl5884)" <TianL@amdocs.com>
Date: Fri, 4 Jan 2019 17:27:11 +0000
Subject: Replace Jackson Spring-Boot dependencies with GSON

Submodule: FProxy service

By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall
JSON. However, all current releases of Jackson contain security
vulnerabilities.

This change will configure Spring-Boot to use the GSON library instead
of Jackson, which contains no security vulnerabilities.

Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073
Issue-ID: AAF-693
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
---
 sidecar/fproxy/pom.xml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml
index 2608254..e0395b8 100644
--- a/sidecar/fproxy/pom.xml
+++ b/sidecar/fproxy/pom.xml
@@ -70,13 +70,22 @@
 					<groupId>org.springframework.boot</groupId>
 					<artifactId>spring-boot-starter-tomcat</artifactId>
 				</exclusion>
-			</exclusions>			
+				<exclusion>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-json</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 		</dependency>
+
+		<dependency>
+			<groupId>com.google.code.gson</groupId>
+			<artifactId>gson</artifactId>
+		</dependency>
 	</dependencies>
 
 	<build>
-- 
cgit 1.2.3-korg