diff options
| author |   Kanagaraj Manickam <kanagaraj.manickam@huawei.com> | 2020-02-21 04:52:36 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2020-02-21 04:52:36 +0000 |
| commit | 2577ef1f3fb0590dd03d0a3d0aa865e71d265db7 (patch) | |
| tree | 97363c85a174ba84605175976bf03c9b648c6f00 | |
| parent | 190967fc2c85f7f17ebf6e94e41b3714de644d3e (diff) | |
| parent | 84d0e55e2b66dd1dabbfe85b48e7b847d17a756f (diff) | |
Merge "Change dependency version for httpclient"
| -rw-r--r-- | profiles/http/pom.xml | 18 | ||||
| -rw-r--r-- | profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java | 5 |
2 files changed, 20 insertions, 3 deletions
diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml index b8563e48..9268895d 100644 --- a/profiles/http/pom.xml +++ b/profiles/http/pom.xml @@ -37,11 +37,27 @@ <artifactId>cli-sample-mock-generator</artifactId> <version>${project.version}</version> </dependency> +<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017- +0359 and CVE-2015-526. +Excluded commons-codec vulnerable version and added invulnerable version + + --> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> - <version>4.3.5</version> + <version>4.5.7</version> + <exclusions> + <exclusion> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + </exclusions> </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.13</version> + </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpmime</artifactId> diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java index 3f426bf3..e8924470 100644 --- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java +++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java @@ -35,7 +35,8 @@ import javax.net.ssl.X509TrustManager; import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; -import org.apache.http.annotation.NotThreadSafe; +import org.apache.http.annotation.Contract; +import org.apache.http.annotation.ThreadingBehavior; import org.apache.http.client.CookieStore; import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; @@ -372,7 +373,7 @@ public class OnapHttpConnection { } } - @NotThreadSafe + @Contract(threading = ThreadingBehavior.UNSAFE) static class HttpDeleteWithBody extends HttpEntityEnclosingRequestBase { public HttpDeleteWithBody() { |