Change dependency version for httpclient

Issue-ID: CLI-246

Signed-off-by: jitendra sharma <jitendra.sharma1@huawei.com>
Change-Id: Ie4b71259559927f485095021b6e87780698e9c92

1 files changed, 17 insertions, 1 deletions

diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml
index b8563e48..9268895d 100644
--- a/profiles/http/pom.xml
+++ b/profiles/http/pom.xml
@@ -37,11 +37,27 @@
             <artifactId>cli-sample-mock-generator</artifactId>
             <version>${project.version}</version>
         </dependency>
+<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017-
+0359 and CVE-2015-526.
+Excluded commons-codec vulnerable version and added invulnerable version
+
+ -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.3.5</version>
+            <version>4.5.7</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+      <dependency>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+          <version>1.13</version>
+      </dependency>
         <dependency>
           <groupId>org.apache.httpcomponents</groupId>
           <artifactId>httpmime</artifactId>