Security issues fix

*Already upgraded versions of dependencies according to information from jira issue description. Change-Id: Ic2b59e5b6c1bf7420b21463f271471f7be6cc34a Issue-ID: DCAEGEN2-426 Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
author: wasala <przemyslaw.wasala@nokia.com> 2018-04-16 09:52:34 +0200
committer: wasala <przemyslaw.wasala@nokia.com> 2018-04-16 09:52:34 +0200
commit: b0ef04537df52322f1d51148ef612c19d7b23696 (patch)
tree: c10bca6914e387a3d04fefc885dc8d0e10d257ab
parent: 6a7fa720d61083b36b739f26068888b7424bbfc7 (diff)
4 files changed, 88 insertions, 13 deletions
diff --git a/pom.xml b/pom.xml
index d22256f6..ccaa9888 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,8 +51,8 @@
     <!-- JAVA VERSION-->
     <java.version>8</java.version>
     <compiler.plugin.version>3.7.0</compiler.plugin.version>
-
-
+    <tomcat.version>8.5.28</tomcat.version>
+    <docker.maven.version>0.4.11</docker.maven.version>
     <!-- DEVELOPMENT SETTINGS -->
     <immutable.version>2.5.6</immutable.version>
 
@@ -311,7 +311,7 @@
         <plugin>
           <groupId>com.spotify</groupId>
           <artifactId>docker-maven-plugin</artifactId>
-          <version>0.4.11</version>
+          <version>${docker.maven.version}</version>
           <configuration>
             <skipDockerBuild>true</skipDockerBuild>
           </configuration>
@@ -407,7 +407,27 @@
       <dependency>
         <groupId>com.spotify</groupId>
         <artifactId>docker-maven-plugin</artifactId>
-        <version>1.0.0</version>
+        <version>${docker.maven.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcprov-jdk15on</artifactId>
+        <version>1.59</version>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcpkix-jdk15on</artifactId>
+        <version>1.59</version>
+      </dependency>
+      <dependency>
+        <groupId>org.codehaus.plexus</groupId>
+        <artifactId>plexus-utils</artifactId>
+        <version>3.1.0</version>
+      </dependency>
+      <dependency>
+        <groupId>com.github.jnr</groupId>
+        <artifactId>jnr-posix</artifactId>
+        <version>3.0.44</version>
       </dependency>
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
@@ -427,12 +447,32 @@
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-beans</artifactId>
-        <version>5.0.4.RELEASE</version>
+        <version>5.0.5.RELEASE</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-context</artifactId>
+        <version>5.0.5.RELEASE</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.datatype</groupId>
         <artifactId>jackson-datatype-jdk8</artifactId>
-        <version>2.6.3</version>
+        <version>2.9.5</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-core</artifactId>
+        <version>${tomcat.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-el</artifactId>
+        <version>${tomcat.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-websocket</artifactId>
+        <version>${tomcat.version}</version>
       </dependency>
 
       <!-- LOGGING dependencies> -->
@@ -497,9 +537,15 @@
         <scope>test</scope>
       </dependency>
       <dependency>
+        <groupId>org.glassfish.jersey.connectors</groupId>
+        <artifactId>jersey-apache-connector</artifactId>
+        <version>2.25.1</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-test</artifactId>
-        <version>2.0.0.RELEASE</version>
+        <version>2.0.1.RELEASE</version>
         <scope>test</scope>
       </dependency>
 
diff --git a/prh-aai-client/pom.xml b/prh-aai-client/pom.xml
index 95d758e8..390e053e 100644
--- a/prh-aai-client/pom.xml
+++ b/prh-aai-client/pom.xml
@@ -54,12 +54,9 @@
       <groupId>org.springframework</groupId>
       <artifactId>spring-beans</artifactId>
     </dependency>
-
-    <!-- VERSION SET DUE TO THE FAILING BUILD-->
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-context</artifactId>
-      <version>3.0.2.RELEASE</version>
     </dependency>
     <dependency>
       <groupId>com.google.guava</groupId>
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index e21b8fae..1b5ed131 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -117,9 +117,37 @@
       <artifactId>docker-maven-plugin</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15on</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.github.jnr</groupId>
+      <artifactId>jnr-posix</artifactId>
+    </dependency>
+    <dependency>
       <groupId>com.fasterxml.jackson.datatype</groupId>
       <artifactId>jackson-datatype-jdk8</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.tomcat.embed</groupId>
+      <artifactId>tomcat-embed-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.tomcat.embed</groupId>
+      <artifactId>tomcat-embed-el</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.tomcat.embed</groupId>
+      <artifactId>tomcat-embed-websocket</artifactId>
+    </dependency>
 
     <!-- LOGGING DEPENDENCIES-->
     <dependency>
@@ -166,18 +194,23 @@
       <scope>test</scope>
     </dependency>
     <dependency>
+      <groupId>org.glassfish.jersey.connectors</groupId>
+      <artifactId>jersey-apache-connector</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
       <groupId>org.testng</groupId>
       <artifactId>testng</artifactId>
     </dependency>
     <dependency>
       <groupId>org.onap.dcaegen2.services.prh</groupId>
       <artifactId>prh-aai-client</artifactId>
-      <version>${parent.version}</version>
+      <version>${project.parent.version}</version>
     </dependency>
     <dependency>
       <groupId>org.onap.dcaegen2.services.prh</groupId>
       <artifactId>prh-dmaap-client</artifactId>
-      <version>${parent.version}</version>
+      <version>${project.parent.version}</version>
     </dependency>
 
   </dependencies>
diff --git a/prh-dmaap-client/pom.xml b/prh-dmaap-client/pom.xml
index 94808cf8..4d93831b 100644
--- a/prh-dmaap-client/pom.xml
+++ b/prh-dmaap-client/pom.xml
@@ -88,7 +88,6 @@
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-context</artifactId>
-      <version>4.3.3.RELEASE</version>
     </dependency>
   </dependencies>
 </project>
 \ No newline at end of file
author	wasala <przemyslaw.wasala@nokia.com>	2018-04-16 09:52:34 +0200
committer	wasala <przemyslaw.wasala@nokia.com>	2018-04-16 09:52:34 +0200
commit	b0ef04537df52322f1d51148ef612c19d7b23696 (patch)
tree	c10bca6914e387a3d04fefc885dc8d0e10d257ab
parent	6a7fa720d61083b36b739f26068888b7424bbfc7 (diff)