Update hibernate-validator and jetty-util

Change-Id: I93beb063bf3a1e5394651065b42c3b5f1bc5407d Issue-ID: DCAEGEN2-361 Signed-off-by: Michael Hwang <mhwang@research.att.com>
author: Michael Hwang <mhwang@research.att.com> 2018-03-28 10:32:32 -0400
committer: Michael Hwang <mhwang@research.att.com> 2018-03-28 10:32:59 -0400
commit: 89dad10220928f859fa72986f737808756d76798 (patch)
tree: e88393edb08211b9975eec29c0a5dde961569a8f /pom.xml
parent: 2be14fca49b2724d6f38e07438c814bda423e541 (diff)
1 files changed, 25 insertions, 1 deletions
diff --git a/pom.xml b/pom.xml
index 9dcfc45..95910a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
 
     <groupId>org.onap.dcaegen2.platform</groupId>
     <artifactId>inventory-api</artifactId>
-    <version>3.0.0</version>
+    <version>3.0.1</version>
     <name>dcaegen2-platform-inventory-api</name>
     <!--internal <version>3.0.0</version>-->
 
@@ -68,6 +68,16 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-core</artifactId>
             <version>${dropwizard.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.hibernate</groupId>
+                    <artifactId>hibernate-validator</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-util</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>
@@ -87,6 +97,20 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
             <version>4.5.5</version>
         </dependency>
         <dependency>
+            <!-- To address security issue - CVE-2017-7536 -->
+            <groupId>org.hibernate</groupId>
+            <artifactId>hibernate-validator</artifactId>
+            <version>5.3.6.Final</version>
+        </dependency>
+        <dependency>
+            <!-- To address security issue - CVE-2017-9735
+                 REVIEW: Only updated jetty-util which may introduce runtime issues because
+                 other jetty libraries are on 9.4.2 still -->
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>9.4.6.v20170531</version>
+        </dependency>
+        <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
             <version>${logback.version}</version>
author	Michael Hwang <mhwang@research.att.com>	2018-03-28 10:32:32 -0400
committer	Michael Hwang <mhwang@research.att.com>	2018-03-28 10:32:59 -0400
commit	89dad10220928f859fa72986f737808756d76798 (patch)
tree	e88393edb08211b9975eec29c0a5dde961569a8f /pom.xml
parent	2be14fca49b2724d6f38e07438c814bda423e541 (diff)