From 42480c241e5882bd2e6002004e5013a0e1bd7429 Mon Sep 17 00:00:00 2001
From: Michael Arrastia <MArrasti@amdocs.com>
Date: Thu, 3 May 2018 18:09:26 +0100
Subject: Address security vulnerabilities

This includes version upgrades for:
- logback-classic, logback-core
- commons-collections
- hadoop-common
- hbase-client: settled on version 1.0.2 as container would not start
                with later versions
- httpclient
- netty, netty-all
- zookeeper
- jackson-core
Also should resolve presence of flux-examples.

Change-Id: Ifb55f5d6676a9971d1d9a46c695dc78eb1b99843
Issue-ID: AAI-1117
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
---
 champ-service-deps-janus/pom.xml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

(limited to 'champ-service-deps-janus')

diff --git a/champ-service-deps-janus/pom.xml b/champ-service-deps-janus/pom.xml
index 398437f..9b1dd5e 100644
--- a/champ-service-deps-janus/pom.xml
+++ b/champ-service-deps-janus/pom.xml
@@ -22,17 +22,15 @@ limitations under the License.
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
-    <groupId>org.onap.aai</groupId>
-    <artifactId>champ-service-deps-janus</artifactId>
-    <packaging>pom</packaging>
-    <version>1.2.0-SNAPSHOT</version>
-
     <parent>
         <groupId>org.onap.aai</groupId>
         <artifactId>champ</artifactId>
         <version>1.2.0-SNAPSHOT</version>
     </parent>
 
+    <artifactId>champ-service-deps-janus</artifactId>
+    <packaging>pom</packaging>
+
     <dependencies>
         <dependency>
             <groupId>org.onap.aai</groupId>
@@ -47,14 +45,6 @@ limitations under the License.
                     <groupId>ch.qos.logback</groupId>
                     <artifactId>logback-core</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient-cache</artifactId>
-                </exclusion>
                 <exclusion>
                     <groupId>org.slf4j</groupId>
                     <artifactId>slf4j-api</artifactId>
@@ -127,8 +117,17 @@ limitations under the License.
                     <groupId>org.onap.aai.event-client</groupId>
                     <artifactId>event-client-kafka</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpcore</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+
         <dependency>
             <groupId>org.janusgraph</groupId>
             <artifactId>janusgraph-cassandra</artifactId>
@@ -193,6 +192,7 @@ limitations under the License.
                 </exclusion>
             </exclusions>
         </dependency>
+
         <dependency>
             <groupId>org.janusgraph</groupId>
             <artifactId>janusgraph-hbase</artifactId>
-- 
cgit 1.2.3-korg