Address security vulnerabilities

This includes version upgrades for: - logback-classic, logback-core - commons-collections - hadoop-common - hbase-client: settled on version 1.0.2 as container would not start with later versions - httpclient - netty, netty-all - zookeeper - jackson-core Also should resolve presence of flux-examples. Change-Id: Ifb55f5d6676a9971d1d9a46c695dc78eb1b99843 Issue-ID: AAI-1117 Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
author: Michael Arrastia <MArrasti@amdocs.com> 2018-05-03 18:09:26 +0100
committer: Michael Arrastia <MArrasti@amdocs.com> 2018-05-03 18:09:26 +0100
commit: 42480c241e5882bd2e6002004e5013a0e1bd7429 (patch)
tree: 1000103085ba7ad3d7b8fdb28b5a76aba6eca852 /champ-service/pom.xml
parent: e8211d3d5ab9ef5fd9a66230a94b1739d9dfe64b (diff)
1 files changed, 44 insertions, 44 deletions
diff --git a/champ-service/pom.xml b/champ-service/pom.xml
index 77e4680..2738dc5 100644
--- a/champ-service/pom.xml
+++ b/champ-service/pom.xml
@@ -67,6 +67,10 @@ limitations under the License.
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-starter-tomcat</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
@@ -87,7 +91,6 @@ limitations under the License.
             <scope>provided</scope>
         </dependency>
 
-
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
@@ -145,24 +148,6 @@ limitations under the License.
         </dependency>
 
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.5</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient-cache</artifactId>
-            <version>4.5.5</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>commons-logging</groupId>
-                    <artifactId>commons-logging</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
-        <dependency>
             <groupId>org.onap.aai</groupId>
             <artifactId>champ-core</artifactId>
             <version>1.2.0-SNAPSHOT</version>
@@ -173,10 +158,6 @@ limitations under the License.
                     <artifactId>hbase-client</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient</artifactId>
-                </exclusion>
-                <exclusion>
                     <groupId>log4j</groupId>
                     <artifactId>log4j</artifactId>
                 </exclusion>
@@ -203,6 +184,46 @@ limitations under the License.
             <version>1.5.0</version>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId>
+            <artifactId>dmaapClient</artifactId>
+            <version>1.1.5</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient-cache</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.5.3</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient-cache</artifactId>
+            <version>4.5.3</version>
+        </dependency>
     </dependencies>
 
     <distributionManagement>
@@ -334,27 +355,6 @@ limitations under the License.
                     <forceTags>true</forceTags>
                 </configuration>
             </plugin>
-
-            <plugin>
-                <groupId>org.jacoco</groupId>
-                <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.7.9</version>
-                <executions>
-                    <execution>
-                        <id>default-prepare-agent</id>
-                        <goals>
-                            <goal>prepare-agent</goal>
-                        </goals>
-                    </execution>
-                    <execution>
-                        <id>default-report</id>
-                        <phase>prepare-package</phase>
-                        <goals>
-                            <goal>report</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
         </plugins>
     </build>
 </project>
author	Michael Arrastia <MArrasti@amdocs.com>	2018-05-03 18:09:26 +0100
committer	Michael Arrastia <MArrasti@amdocs.com>	2018-05-03 18:09:26 +0100
commit	42480c241e5882bd2e6002004e5013a0e1bd7429 (patch)
tree	1000103085ba7ad3d7b8fdb28b5a76aba6eca852 /champ-service/pom.xml
parent	e8211d3d5ab9ef5fd9a66230a94b1739d9dfe64b (diff)