diff options
| -rw-r--r-- | framework/pom.xml | 8 | ||||
| -rw-r--r-- | framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java | 6 | ||||
| -rw-r--r-- | grpc/pom.xml | 15 | ||||
| -rw-r--r-- | main/pom.xml | 2 | ||||
| -rw-r--r-- | profiles/http/pom.xml | 18 | ||||
| -rw-r--r-- | profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java | 5 |
6 files changed, 47 insertions, 7 deletions
diff --git a/framework/pom.xml b/framework/pom.xml index 75d94ee7..7666c49e 100644 --- a/framework/pom.xml +++ b/framework/pom.xml @@ -54,20 +54,24 @@ <artifactId>commons-csv</artifactId> <version>1.3</version> </dependency> +<!-- Change version from 1.9 to 1.13 due to "sonatype-2012- + 0050" for commons-codec --> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> - <version>1.9</version> + <version>1.13</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-io</artifactId> <version>1.3.2</version> </dependency> +<!-- Change version from 3.2.9 to 5.1.2 due to "sonatype-2015- + 0327" for spring-core --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> - <version>3.2.9.RELEASE</version> + <version>5.1.2.RELEASE</version> </dependency> <dependency> <groupId>com.jayway.jsonpath</groupId> diff --git a/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java b/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java index df94d594..e40dfdf4 100644 --- a/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java +++ b/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java @@ -59,6 +59,7 @@ import static java.util.Collections.singletonList; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import static org.junit.Assert.assertNotNull; import static org.onap.cli.fw.conf.OnapCommandConstants.IS_INCLUDE; import static org.onap.cli.fw.input.OnapCommandParameterType.ARRAY; import static org.onap.cli.fw.input.OnapCommandParameterType.BOOL; @@ -513,4 +514,9 @@ public class OnapCommandUtilsTest { } }; } + + @Test + public void testMd5(){ + assertNotNull(OnapCommandUtils.md5("a")); + } } diff --git a/grpc/pom.xml b/grpc/pom.xml index 75721607..e73be6b3 100644 --- a/grpc/pom.xml +++ b/grpc/pom.xml @@ -34,10 +34,23 @@ <grpc.version>1.8.0</grpc.version> </properties> <dependencies> +<!-- netty-codec-http2 excluded due to Security Issues:- CVE-2019-9512,CVE-2019-9514,CVE-2019-9515,CVE-2019-9518,CVE-2019-16869 + and added invulnerable netty-codec-http2 4.1.42.Final --> <dependency> <groupId>io.grpc</groupId> <artifactId>grpc-netty</artifactId> <version>${grpc.version}</version> + <exclusions> + <exclusion> + <groupId>io.netty</groupId> + <artifactId>netty-codec-http2</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-codec-http2</artifactId> + <version>4.1.42.Final</version> </dependency> <dependency> <groupId>io.grpc</groupId> @@ -165,4 +178,4 @@ </plugins> </pluginManagement> </build> -</project>
\ No newline at end of file +</project> diff --git a/main/pom.xml b/main/pom.xml index 9a5465c2..fd810e96 100644 --- a/main/pom.xml +++ b/main/pom.xml @@ -44,7 +44,7 @@ <dependency> <groupId>jline</groupId> <artifactId>jline</artifactId> - <version>2.6</version> + <version>2.14.3</version> </dependency> <dependency> <groupId>junit</groupId> diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml index b8563e48..9268895d 100644 --- a/profiles/http/pom.xml +++ b/profiles/http/pom.xml @@ -37,11 +37,27 @@ <artifactId>cli-sample-mock-generator</artifactId> <version>${project.version}</version> </dependency> +<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017- +0359 and CVE-2015-526. +Excluded commons-codec vulnerable version and added invulnerable version + + --> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> - <version>4.3.5</version> + <version>4.5.7</version> + <exclusions> + <exclusion> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </exclusion> + </exclusions> </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.13</version> + </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpmime</artifactId> diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java index 3f426bf3..e8924470 100644 --- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java +++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java @@ -35,7 +35,8 @@ import javax.net.ssl.X509TrustManager; import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; -import org.apache.http.annotation.NotThreadSafe; +import org.apache.http.annotation.Contract; +import org.apache.http.annotation.ThreadingBehavior; import org.apache.http.client.CookieStore; import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; @@ -372,7 +373,7 @@ public class OnapHttpConnection { } } - @NotThreadSafe + @Contract(threading = ThreadingBehavior.UNSAFE) static class HttpDeleteWithBody extends HttpEntityEnclosingRequestBase { public HttpDeleteWithBody() { |