authorjitendra sharma <jitendra.sharma1@huawei.com>2020-02-18 11:12:17 +0000
committerKanagaraj Manickam <kanagaraj.manickam@huawei.com>2020-02-21 04:51:51 +0000
commit84d0e55e2b66dd1dabbfe85b48e7b847d17a756f (patch)
treeda254931ee35a4da5e4f7d33f43c162cdaaf0d93
parent7343d9b5736148fc6d688d094b36903a5160c0e3 (diff)
Change dependency version for httpclient
Issue-ID: CLI-246 Signed-off-by: jitendra sharma <jitendra.sharma1@huawei.com> Change-Id: Ie4b71259559927f485095021b6e87780698e9c92
-rw-r--r--profiles/http/pom.xml18
-rw-r--r--profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java5
2 files changed, 20 insertions, 3 deletions
diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml
index b8563e48..9268895d 100644
--- a/profiles/http/pom.xml
+++ b/profiles/http/pom.xml
@@ -37,11 +37,27 @@
<artifactId>cli-sample-mock-generator</artifactId>
<version>${project.version}</version>
</dependency>
+<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017-
+0359 and CVE-2015-526.
+Excluded commons-codec vulnerable version and added invulnerable version
+
+ -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.3.5</version>
+ <version>4.5.7</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.13</version>
+ </dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
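Review bot: The XML comment added at the top of this hunk records its advisories in a form that cannot be looked up: `sonatype-2017-0359` is split across two lines, and `CVE-2015-526` is not a well-formed CVE identifier (the sequence part has at least four digits), so it looks truncated. Correct both against the scanner report and name the commons-codec finding as well, for example `<!-- httpclient 4.3.5 -> 4.5.7: sonatype-2017-0359, <CVE-ID-FROM-SCAN-REPORT>; commons-codec pinned to 1.13: <ADVISORY-ID-FROM-SCAN-REPORT> -->`. The `<exclusions>` block is harmless but redundant next to the direct `commons-codec` 1.13 declaration, because Maven's nearest-wins mediation already prefers a direct dependency over the transitive one. The `httpmime` entry continues past the end of the hunk, so its version is not visible here; confirm it is on a 4.5.x release matching `httpclient`, so the two artifacts do not resolve to mixed HttpComponents versions.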
diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
index 3f426bf3..e8924470 100644
--- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
+++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
@@ -35,7 +35,8 @@ import javax.net.ssl.X509TrustManager;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
-import org.apache.http.annotation.NotThreadSafe;
+import org.apache.http.annotation.Contract;
+import org.apache.http.annotation.ThreadingBehavior;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
@@ -372,7 +373,7 @@ public class OnapHttpConnection {
}
}
- @NotThreadSafe
+ @Contract(threading = ThreadingBehavior.UNSAFE)
static class HttpDeleteWithBody extends HttpEntityEnclosingRequestBase {
public HttpDeleteWithBody() {