summaryrefslogtreecommitdiffstats
path: root/profiles/http
diff options
context:
space:
mode:
Diffstat (limited to 'profiles/http')
-rw-r--r--profiles/http/pom.xml18
-rw-r--r--profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java5
2 files changed, 20 insertions, 3 deletions
diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml
index b8563e48..9268895d 100644
--- a/profiles/http/pom.xml
+++ b/profiles/http/pom.xml
@@ -37,11 +37,27 @@
<artifactId>cli-sample-mock-generator</artifactId>
<version>${project.version}</version>
</dependency>
+<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017-
+0359 and CVE-2015-526.
+Excluded commons-codec vulnerable version and added invulnerable version
+
+ -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.3.5</version>
+ <version>4.5.7</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.13</version>
+ </dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
index 3f426bf3..e8924470 100644
--- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
+++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
@@ -35,7 +35,8 @@ import javax.net.ssl.X509TrustManager;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
-import org.apache.http.annotation.NotThreadSafe;
+import org.apache.http.annotation.Contract;
+import org.apache.http.annotation.ThreadingBehavior;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
@@ -372,7 +373,7 @@ public class OnapHttpConnection {
}
}
- @NotThreadSafe
+ @Contract(threading = ThreadingBehavior.UNSAFE)
static class HttpDeleteWithBody extends HttpEntityEnclosingRequestBase {
public HttpDeleteWithBody() {