diff options
author | Patrick Brady <pb071s@att.com> | 2018-09-17 12:52:55 -0700 |
---|---|---|
committer | Patrick Brady <pb071s@att.com> | 2018-09-21 09:31:27 -0700 |
commit | 28da5021fad45b2c4da1bd1b7db794863e5ef7f3 (patch) | |
tree | 4f7fa810ba8a782ab24017193c6afa75dc797b86 | |
parent | 32780c70147bf7273f7f6a8d81de1a1efd68a92c (diff) |
Remove logback 1.1.3 security issue
cdp-pal and eelf are the dependencies using logback-classic
1.1.3. Need to use exclusions option in pom file
Change-Id: Id8f5817ec955e2b7b486bc0215c35541086606aa
Signed-off-by: Patrick Brady <pb071s@att.com>
Issue-ID: APPC-1018
21 files changed, 235 insertions, 14 deletions
diff --git a/appc-adapters/appc-chef-adapter/appc-chef-adapter-bundle/pom.xml b/appc-adapters/appc-chef-adapter/appc-chef-adapter-bundle/pom.xml index 417c70db8..105cf471b 100644 --- a/appc-adapters/appc-chef-adapter/appc-chef-adapter-bundle/pom.xml +++ b/appc-adapters/appc-chef-adapter/appc-chef-adapter-bundle/pom.xml @@ -93,8 +93,14 @@ <dependency> <groupId>com.att.cdp</groupId> <artifactId>cdp-pal-common</artifactId> - <scope>compile</scope> <version>${cdp.pal.version}</version> + <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -102,6 +108,12 @@ <artifactId>cdp-pal-openstack</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-adapters/appc-iaas-adapter/appc-iaas-adapter-bundle/pom.xml b/appc-adapters/appc-iaas-adapter/appc-iaas-adapter-bundle/pom.xml index 331773fc6..91cdd2663 100644 --- a/appc-adapters/appc-iaas-adapter/appc-iaas-adapter-bundle/pom.xml +++ b/appc-adapters/appc-iaas-adapter/appc-iaas-adapter-bundle/pom.xml @@ -48,11 +48,31 @@ </exclusions> </dependency> + + <dependency> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + <scope>compile</scope> + <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> <groupId>com.att.cdp</groupId> <artifactId>cdp-pal-openstack</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-adapters/appc-netconf-adapter/appc-netconf-adapter-bundle/pom.xml b/appc-adapters/appc-netconf-adapter/appc-netconf-adapter-bundle/pom.xml index f87d7d139..a61659cb6 100644 --- a/appc-adapters/appc-netconf-adapter/appc-netconf-adapter-bundle/pom.xml +++ b/appc-adapters/appc-netconf-adapter/appc-netconf-adapter-bundle/pom.xml @@ -57,6 +57,12 @@ <artifactId>cdp-pal-common</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -64,6 +70,12 @@ <artifactId>cdp-pal-openstack</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-adapters/appc-rest-adapter/appc-rest-adapter-bundle/pom.xml b/appc-adapters/appc-rest-adapter/appc-rest-adapter-bundle/pom.xml index b67b3bd5c..8c666b669 100644 --- a/appc-adapters/appc-rest-adapter/appc-rest-adapter-bundle/pom.xml +++ b/appc-adapters/appc-rest-adapter/appc-rest-adapter-bundle/pom.xml @@ -66,6 +66,12 @@ <artifactId>cdp-pal-common</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -73,6 +79,12 @@ <artifactId>cdp-pal-openstack</artifactId> <scope>compile</scope> <version>${cdp.pal.version}</version> + <exclusions> + <exclusion> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-adapters/appc-rest-healthcheck-adapter/appc-rest-healthcheck-adapter-bundle/pom.xml b/appc-adapters/appc-rest-healthcheck-adapter/appc-rest-healthcheck-adapter-bundle/pom.xml index 0e0ce5104..517553218 100644 --- a/appc-adapters/appc-rest-healthcheck-adapter/appc-rest-healthcheck-adapter-bundle/pom.xml +++ b/appc-adapters/appc-rest-healthcheck-adapter/appc-rest-healthcheck-adapter-bundle/pom.xml @@ -72,12 +72,24 @@ <groupId>com.att.cdp</groupId> <artifactId>cdp-pal-common</artifactId> <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.att.cdp</groupId> <artifactId>cdp-pal-openstack</artifactId> <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.att.cdp</groupId> + <artifactId>cdp-pal-common</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-adapters/appc-ssh-adapter/appc-ssh-adapter-sshd/pom.xml b/appc-adapters/appc-ssh-adapter/appc-ssh-adapter-sshd/pom.xml index 4d00b5763..c65856655 100644 --- a/appc-adapters/appc-ssh-adapter/appc-ssh-adapter-sshd/pom.xml +++ b/appc-adapters/appc-ssh-adapter/appc-ssh-adapter-sshd/pom.xml @@ -59,8 +59,19 @@ <version>2.0.0</version> </dependency> <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> + <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>junit</groupId> diff --git a/appc-config/appc-config-adaptor/provider/pom.xml b/appc-config/appc-config-adaptor/provider/pom.xml index aa5e24f51..4fbf5a5e7 100644 --- a/appc-config/appc-config-adaptor/provider/pom.xml +++ b/appc-config/appc-config-adaptor/provider/pom.xml @@ -70,10 +70,20 @@ <artifactId>mockito-core</artifactId> <scope>test</scope> </dependency> - + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-config/appc-config-audit/provider/pom.xml b/appc-config/appc-config-audit/provider/pom.xml index 3babf6d6f..bb6629200 100644 --- a/appc-config/appc-config-audit/provider/pom.xml +++ b/appc-config/appc-config-audit/provider/pom.xml @@ -74,8 +74,19 @@ <artifactId>commons-io</artifactId> </dependency> <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> + <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.commons</groupId> diff --git a/appc-config/appc-config-generator/provider/pom.xml b/appc-config/appc-config-generator/provider/pom.xml index 271873581..fd5eacdc1 100644 --- a/appc-config/appc-config-generator/provider/pom.xml +++ b/appc-config/appc-config-generator/provider/pom.xml @@ -94,10 +94,20 @@ <artifactId>commons-collections</artifactId> <version>3.2.2</version> </dependency> - + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/appc-config/appc-data-services/provider/pom.xml b/appc-config/appc-data-services/provider/pom.xml index 92468db81..0b5676ea0 100644 --- a/appc-config/appc-data-services/provider/pom.xml +++ b/appc-config/appc-data-services/provider/pom.xml @@ -62,10 +62,21 @@ <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -138,7 +149,8 @@ <Bundle-SymbolicName>appc-config-data-services</Bundle-SymbolicName> <Bundle-Activator>org.onap.appc.data.services.AppcDataServiceActivator</Bundle-Activator> <Export-Package>org.onap.appc.data.services</Export-Package> - <Import-Package>*</Import-Package> + <Import-Package>groovy.lang;resolution:=optional, + org.codehaus.groovy.*;resolution:=optional,*</Import-Package> <Embed-Dependency>eelf-core,logback-core,logback-classic</Embed-Dependency> <DynamicImport-Package>*</DynamicImport-Package> </instructions> diff --git a/appc-config/appc-encryption-tool/provider/pom.xml b/appc-config/appc-encryption-tool/provider/pom.xml index 2866797ee..d9ffca478 100644 --- a/appc-config/appc-encryption-tool/provider/pom.xml +++ b/appc-config/appc-encryption-tool/provider/pom.xml @@ -66,8 +66,19 @@ <artifactId>commons-lang3</artifactId> </dependency> <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> + <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>commons-configuration</groupId> diff --git a/appc-config/appc-flow-controller/provider/pom.xml b/appc-config/appc-flow-controller/provider/pom.xml index f3cd09b89..065b3be22 100644 --- a/appc-config/appc-flow-controller/provider/pom.xml +++ b/appc-config/appc-flow-controller/provider/pom.xml @@ -69,8 +69,19 @@ <artifactId>jackson-dataformat-yaml</artifactId> </dependency> <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> + <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.onap.ccsdk.sli.adaptors</groupId> @@ -141,7 +152,8 @@ <Bundle-SymbolicName>org.onap.appc.flow.controller</Bundle-SymbolicName> <Bundle-Activator>org.onap.appc.flow.controller.FlowControllerActivator</Bundle-Activator> <Export-Package>org.onap.appc.flow.controller</Export-Package> - <Import-Package>*</Import-Package> + <Import-Package>groovy.lang;resolution:=optional, + org.codehaus.groovy.*;resolution:=optional,*</Import-Package> <Embed-Dependency>eelf-core,logback-core,logback-classic</Embed-Dependency> <DynamicImport-Package>*</DynamicImport-Package> </instructions> diff --git a/appc-core/appc-common-bundle/pom.xml b/appc-core/appc-common-bundle/pom.xml index 0f72a1620..07300f53f 100644 --- a/appc-core/appc-common-bundle/pom.xml +++ b/appc-core/appc-common-bundle/pom.xml @@ -31,8 +31,19 @@ <dependencies>
<!-- logging -->
<dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
@@ -157,4 +168,4 @@ </plugin>
</plugins>
</build>
-</project>
\ No newline at end of file +</project>
diff --git a/appc-event-listener/appc-event-listener-bundle/pom.xml b/appc-event-listener/appc-event-listener-bundle/pom.xml index abd664e23..426fbd924 100644 --- a/appc-event-listener/appc-event-listener-bundle/pom.xml +++ b/appc-event-listener/appc-event-listener-bundle/pom.xml @@ -41,10 +41,21 @@ <version>${project.version}</version> </dependency> --> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - </dependency> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> + </dependency> <dependency> <groupId>org.onap.appc</groupId> <artifactId>appc-common-bundle</artifactId> @@ -119,6 +130,7 @@ <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> + <scope>test</scope> </dependency> </dependencies> diff --git a/appc-inbound/appc-design-services/provider/pom.xml b/appc-inbound/appc-design-services/provider/pom.xml index f4ffee6fb..7206230ca 100755 --- a/appc-inbound/appc-design-services/provider/pom.xml +++ b/appc-inbound/appc-design-services/provider/pom.xml @@ -113,10 +113,20 @@ <artifactId>sal-binding-broker-impl</artifactId> <scope>test</scope> </dependency> - + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.onap.ccsdk.sli.adaptors</groupId> diff --git a/appc-inbound/appc-interfaces-service/bundle/pom.xml b/appc-inbound/appc-interfaces-service/bundle/pom.xml index bf85243db..d2172865b 100644 --- a/appc-inbound/appc-interfaces-service/bundle/pom.xml +++ b/appc-inbound/appc-interfaces-service/bundle/pom.xml @@ -110,10 +110,20 @@ <artifactId>sal-binding-broker-impl</artifactId> <scope>test</scope> </dependency> - + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.sun.jersey</groupId> diff --git a/appc-lifecycle-management/appc-lifecycle-management-core/pom.xml b/appc-lifecycle-management/appc-lifecycle-management-core/pom.xml index c76269293..e9bf49ae3 100644 --- a/appc-lifecycle-management/appc-lifecycle-management-core/pom.xml +++ b/appc-lifecycle-management/appc-lifecycle-management-core/pom.xml @@ -71,8 +71,19 @@ <version>${project.version}</version> </dependency> <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> + </dependency> + <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> + <exclusions> + <exclusion> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> diff --git a/appc-outbound/appc-aai-client/provider/pom.xml b/appc-outbound/appc-aai-client/provider/pom.xml index 126e46136..11d42210c 100755 --- a/appc-outbound/appc-aai-client/provider/pom.xml +++ b/appc-outbound/appc-aai-client/provider/pom.xml @@ -60,14 +60,24 @@ <artifactId>commons-io</artifactId>
<version>2.5</version>
</dependency>
- <dependency>
+ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -135,7 +145,8 @@ <Bundle-SymbolicName>org.onap.appc.aai.client</Bundle-SymbolicName>
<Bundle-Activator>org.onap.appc.aai.client.AppcAaiClientActivator</Bundle-Activator>
<Export-Package>org.onap.appc.aai.client,org.onap.appc.aai.client.*</Export-Package>
- <Import-Package>*</Import-Package>
+ <Import-Package>groovy.lang;resolution:=optional,
+ org.codehaus.groovy.*;resolution:=optional,*</Import-Package>
<DynamicImport-Package>*</DynamicImport-Package>
<Embed-Dependency>eelf-core,logback-core,logback-classic</Embed-Dependency>
</instructions>
diff --git a/appc-outbound/appc-network-inventory-client/provider/pom.xml b/appc-outbound/appc-network-inventory-client/provider/pom.xml index e2edfbac2..b91cbe6d7 100755 --- a/appc-outbound/appc-network-inventory-client/provider/pom.xml +++ b/appc-outbound/appc-network-inventory-client/provider/pom.xml @@ -49,8 +49,19 @@ <artifactId>commons-io</artifactId>
</dependency>
<dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
diff --git a/appc-parent/binding-parent/pom.xml b/appc-parent/binding-parent/pom.xml index 6252b8e3b..991e3ab21 100644 --- a/appc-parent/binding-parent/pom.xml +++ b/appc-parent/binding-parent/pom.xml @@ -55,7 +55,7 @@ limitations under the License. <apache.httpcomponents.version>4.4</apache.httpcomponents.version> <commons.lang3.version>3.4</commons.lang3.version> <antlr.version>4.5.1</antlr.version> - <logback.version>1.2.0</logback.version> + <logback.version>1.2.3</logback.version> <toscalib.version>1.1.0</toscalib.version> <sdc-client.version>1.3.0</sdc-client.version> <!-- Should match the version used by sdc-distribution-client --> @@ -377,7 +377,7 @@ limitations under the License. <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-core</artifactId> - <version>${logback.version}</version> + <version>${logback.version}</version> <scope>compile</scope> </dependency> <dependency> |