author | 2022-07-29 18:28:01 +0200 | |
---|---|---|
committer | 2022-08-08 10:53:04 +0200 | |
commit | d0392bdd88a1cac06cb5727c93f10c76bdff9e58 (patch) | |
tree | c753ae2e6b86c81d380fd6dc28799a9a65db1f7b | |
parent | 32563249ea8a984244dc4059438db275169cad39 (diff) |
Fix SDK Vulnerabilities
Issue-ID: DCAEGEN2-3220
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: Ic7df50fd22900bc680f7fff01871625ce809b4b5
28 files changed, 67 insertions, 40 deletions
diff --git a/Changelog.md b/Changelog.md
index 3df29f30..31994d17 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+## [1.8.10] - 2022/07/29
+### Added
+ - [DCAEGEN2-3220] (https://jira.onap.org/browse/DCAEGEN2-3220) - Fix SDK Vulnerability. Top up Spring-Boot version to 2.7.2
+
 ## [1.8.9] - 2022/07/15
 ### Added
 - [DCAEGEN2-3223] (https://jira.onap.org/browse/DCAEGEN2-3223) - Fix CBS client environment variable substitution fails for complex cases
@@ -24,7 +24,7 @@ language governing permissions and limitations under the License.
 <groupId>org.onap.dcaegen2.services</groupId>
 <artifactId>sdk</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 <name>dcaegen2-services-sdk</name>
 <description>Common SDK repo for all DCAE Services</description>
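Review bot: In the `@@ -24,7 +24,7 @@` hunk the project version becomes `<version>${revision}</version>`, and every child `<parent>` block in this commit follows, but no flatten-maven-plugin configuration is visible in the diff. With Maven's CI-friendly versions, install and deploy publish the POM as written unless it is flattened, so consumers of the released SDK would receive a parent version of `${revision}` that they cannot resolve. If the plugin is not already configured outside these hunks, add it to the root `<build>` with `<updatePomFile>true</updatePomFile>` and `<flattenMode>resolveCiFriendliesOnly</flattenMode>`. The `diff --git` header for this file is missing from the page; the coordinates suggest it is the root pom.xml.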
@@ -73,28 +73,29 @@ language governing permissions and limitations under the License.
 <properties>
 <java.version>11</java.version>
- <junit-jupiter.version>5.7.0</junit-jupiter.version>
+ <junit-jupiter.version>5.9.0</junit-jupiter.version>
 <junit-vintage.version>5.7.0</junit-vintage.version>
 <junit-platform.version>1.3.1</junit-platform.version>
- <immutables.version>2.7.5</immutables.version>
+ <immutables.version>2.9.0</immutables.version>
 <assertj-core.version>3.12.2</assertj-core.version>
 <reactor.bom.version>2020.0.1</reactor.bom.version>
 <slf4j.version>1.7.25</slf4j.version>
- <logback.version>1.2.3</logback.version>
+ <logback.version>1.2.11</logback.version>
 <mockito.version>2.28.2</mockito.version>
- <protobuf.version>3.6.1</protobuf.version>
+ <protobuf.version>3.21.1</protobuf.version>
 <vavr.version>0.10.2</vavr.version>
 <commons-text.version>1.6</commons-text.version>
 <jetbrains-annotations.version>16.0.3</jetbrains-annotations.version>
 <protoc-jar-maven-plugin.version>3.6.0.2</protoc-jar-maven-plugin.version>
 <testcontainers.version>1.15.1</testcontainers.version>
- <spring.boot.version>2.5.9</spring.boot.version>
+ <spring.boot.version>2.7.2</spring.boot.version>
 <system.rules.version>1.17.2</system.rules.version>
 <openapi4j.version>1.0.3</openapi4j.version>
 <mockserver-client.version>5.11.2</mockserver-client.version>
 <sonar.coverage.jacoco.xmlReportPaths>
 ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
 </sonar.coverage.jacoco.xmlReportPaths>
+ <revision>1.8.10-SNAPSHOT</revision>
 </properties>
 <modules>
diff --git a/rest-services/cbs-client/pom.xml b/rest-services/cbs-client/pom.xml
index e99fc44a..d7c0753b 100644
--- a/rest-services/cbs-client/pom.xml
+++ b/rest-services/cbs-client/pom.xml
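Review bot: Several pins in this `<properties>` block are left untouched by a commit titled as a vulnerability fix: `commons-text.version` 1.6, `slf4j.version` 1.7.25, `mockito.version` 2.28.2 and `testcontainers.version` 1.15.1 all appear only as context lines. Whether imported BOMs override them is not visible here, so the effective versions should be confirmed with `mvn dependency:tree` and the project's dependency scanner before the issue is closed. `junit-jupiter.version` also moves to 5.9.0 while `junit-vintage.version` stays at 5.7.0 and `junit-platform.version` at 1.3.1; mixed JUnit 5 module versions can stop test engines from being discovered, so align the three or import the JUnit BOM. The new `<revision>` duplicates the version held in version.properties and deserves a comment such as `<!-- keep in sync with version.properties -->`.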
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
diff --git a/rest-services/dmaap-client/pom.xml b/rest-services/dmaap-client/pom.xml
index b4390981..8123af31 100644
--- a/rest-services/dmaap-client/pom.xml
+++ b/rest-services/dmaap-client/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
diff --git a/rest-services/http-client/pom.xml b/rest-services/http-client/pom.xml
index f182d63e..4223de02 100644
--- a/rest-services/http-client/pom.xml
+++ b/rest-services/http-client/pom.xml
@@ -28,7 +28,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
@@ -79,6 +79,11 @@
 <scope>test</scope>
 </dependency>
 <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter-api</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
 <groupId>org.mockito</groupId>
 <artifactId>mockito-core</artifactId>
 <scope>test</scope>
diff --git a/rest-services/model/pom.xml b/rest-services/model/pom.xml
index 4a6dbe1d..0b47431c 100644
--- a/rest-services/model/pom.xml
+++ b/rest-services/model/pom.xml
@@ -27,7 +27,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
diff --git a/rest-services/pom.xml b/rest-services/pom.xml
index 5d3be939..cf79b9ba 100644
--- a/rest-services/pom.xml
+++ b/rest-services/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services</groupId>
 <artifactId>sdk</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
@@ -36,4 +36,8 @@ language governing permissions and limitations under the License.
 <module>cbs-client</module>
 <module>dmaap-client</module>
 </modules>
+
+ <properties>
+ <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+ </properties>
 </project>
diff --git a/security/crypt-password/pom.xml b/security/crypt-password/pom.xml
index 5a8795e6..4b479394 100644
--- a/security/crypt-password/pom.xml
+++ b/security/crypt-password/pom.xml
@@ -19,7 +19,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
 <artifactId>dcaegen2-services-sdk-security</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <modelVersion>4.0.0</modelVersion>
diff --git a/security/pom.xml b/security/pom.xml
index 37a3f020..cfc2da9d 100644
--- a/security/pom.xml
+++ b/security/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services</groupId>
 <artifactId>sdk</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
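Review bot: The added `<onap-gerrit-review>-changelog-missing</onap-gerrit-review>` property in rest-services/pom.xml carries no explanation, and the same block is added to security/pom.xml, services/pom.xml and standardization/pom.xml. The name suggests it switches off a changelog check in an automated review for these aggregator modules; that is inferred from the name, not shown on the page. Because it relaxes a review gate, document it where it is set, for example `<!-- aggregator module: release notes live in the root Changelog.md -->`, and confirm the suppression covers no more than these modules need.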
@@ -35,4 +35,8 @@ language governing permissions and limitations under the License.
 <module>ssl</module>
 </modules>
+ <properties>
+ <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+ </properties>
+
 </project>
diff --git a/security/ssl/pom.xml b/security/ssl/pom.xml
index 389c1aa1..bb2c71ef 100644
--- a/security/ssl/pom.xml
+++ b/security/ssl/pom.xml
@@ -19,7 +19,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
 <artifactId>dcaegen2-services-sdk-security</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>ssl</artifactId>
diff --git a/services/common/pom.xml b/services/common/pom.xml
index bb97d648..bee6427a 100644
--- a/services/common/pom.xml
+++ b/services/common/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>dcaegen2-services-sdk-services-common</artifactId>
diff --git a/services/external-schema-manager/pom.xml b/services/external-schema-manager/pom.xml
index b8ad8186..c9587910 100644
--- a/services/external-schema-manager/pom.xml
+++ b/services/external-schema-manager/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>dcaegen2-services-sdk-services-external-schema-manager</artifactId>
diff --git a/services/hv-ves-client/pom.xml b/services/hv-ves-client/pom.xml
index 5ade0cb3..cfe89c27 100644
--- a/services/hv-ves-client/pom.xml
+++ b/services/hv-ves-client/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-services</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>
diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml
index 0c88b3f0..cf39094b 100644
--- a/services/hv-ves-client/producer/api/pom.xml
+++ b/services/hv-ves-client/producer/api/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>hvvesclient-producer</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>hvvesclient-producer-api</artifactId>
diff --git a/services/hv-ves-client/producer/ct/pom.xml b/services/hv-ves-client/producer/ct/pom.xml
index 6e460450..edf18058 100644
--- a/services/hv-ves-client/producer/ct/pom.xml
+++ b/services/hv-ves-client/producer/ct/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>hvvesclient-producer</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>hvvesclient-producer-ct</artifactId>
diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml
index 21bd7faf..46ff06db 100644
--- a/services/hv-ves-client/producer/impl/pom.xml
+++ b/services/hv-ves-client/producer/impl/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>hvvesclient-producer</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>hvvesclient-producer-impl</artifactId>
diff --git a/services/hv-ves-client/producer/pom.xml b/services/hv-ves-client/producer/pom.xml
index 4b06d683..b3c28417 100644
--- a/services/hv-ves-client/producer/pom.xml
+++ b/services/hv-ves-client/producer/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <artifactId>hvvesclient-producer</artifactId>
diff --git a/services/hv-ves-client/protobuf/pom.xml b/services/hv-ves-client/protobuf/pom.xml
index 36f48387..b3d535a3 100644
--- a/services/hv-ves-client/protobuf/pom.xml
+++ b/services/hv-ves-client/protobuf/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>High Volume VES Collector Client :: Protobuf</name>
@@ -38,6 +38,13 @@
 </protobuf-generated-files.directory>
 </properties>
+ <dependencies>
+ <dependency>
+ <groupId>com.google.protobuf</groupId>
+ <artifactId>protobuf-java</artifactId>
+ </dependency>
+ </dependencies>
+
 <build>
 <plugins>
 <plugin>
@@ -63,6 +70,7 @@
 <artifactId>protoc-jar-maven-plugin</artifactId>
 <executions>
 <execution>
+ <id>generate-sources</id>
 <phase>generate-sources</phase>
 <goals>
 <goal>run</goal>
@@ -86,11 +94,4 @@
 </plugins>
 </build>
- <dependencies>
- <dependency>
- <groupId>com.google.protobuf</groupId>
- <artifactId>protobuf-java</artifactId>
- </dependency>
- </dependencies>
-
 </project>
diff --git a/services/pom.xml b/services/pom.xml
index 3aaf1962..7ddb0cc0 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services</groupId>
 <artifactId>sdk</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
@@ -40,4 +40,8 @@
 <module>hv-ves-client</module>
 <module>external-schema-manager</module>
 </modules>
+
+ <properties>
+ <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+ </properties>
 </project>
diff --git a/standardization/api-custom-header/pom.xml b/standardization/api-custom-header/pom.xml
index a2cf6615..4f58163b 100644
--- a/standardization/api-custom-header/pom.xml
+++ b/standardization/api-custom-header/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
 <artifactId>dcaegen2-services-sdk-standardization</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 <relativePath>..</relativePath>
 </parent>
@@ -42,7 +42,6 @@ language governing permissions and limitations under the License.
 <dependency>
 <groupId>com.google.code.gson</groupId>
 <artifactId>gson</artifactId>
- <version>2.8.5</version>
 </dependency>
 <dependency>
 <groupId>org.jetbrains</groupId>
diff --git a/standardization/moher-api/healthstate/pom.xml b/standardization/moher-api/healthstate/pom.xml
index 19ae0a6a..85252188 100644
--- a/standardization/moher-api/healthstate/pom.xml
+++ b/standardization/moher-api/healthstate/pom.xml
@@ -25,7 +25,7 @@
 <parent>
 <artifactId>dcaegen2-sdk-moher-api</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck :: Health state</name>
diff --git a/standardization/moher-api/metrics/pom.xml b/standardization/moher-api/metrics/pom.xml
index 53d7547a..c9308602 100644
--- a/standardization/moher-api/metrics/pom.xml
+++ b/standardization/moher-api/metrics/pom.xml
@@ -26,7 +26,7 @@
 <parent>
 <artifactId>dcaegen2-sdk-moher-api</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck :: Metrics</name>
diff --git a/standardization/moher-api/pom.xml b/standardization/moher-api/pom.xml
index 22abb5b2..fd360c4f 100644
--- a/standardization/moher-api/pom.xml
+++ b/standardization/moher-api/pom.xml
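Review bot: Dropping `<version>2.8.5</version>` from the gson dependency in standardization/api-custom-header/pom.xml makes the effective gson version depend on dependency management that this diff does not show. If no managed entry exists the build fails on a missing version, and if one exists its value decides whether the library is actually upgraded. Confirm the resolved version with `mvn dependency:tree -Dincludes=com.google.code.gson`, and mention the gson change in the Changelog entry, which currently names only Spring Boot.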
@@ -26,7 +26,7 @@
 <parent>
 <artifactId>dcaegen2-services-sdk-standardization</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck</name>
diff --git a/standardization/moher-api/server-adapters/pom.xml b/standardization/moher-api/server-adapters/pom.xml
index d396a773..72ffa370 100644
--- a/standardization/moher-api/server-adapters/pom.xml
+++ b/standardization/moher-api/server-adapters/pom.xml
@@ -25,7 +25,7 @@
 <parent>
 <artifactId>dcaegen2-sdk-moher-api</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck :: Server Adapters</name>
diff --git a/standardization/moher-api/server-adapters/reactor-netty/pom.xml b/standardization/moher-api/server-adapters/reactor-netty/pom.xml
index 72db4ab6..f238b955 100644
--- a/standardization/moher-api/server-adapters/reactor-netty/pom.xml
+++ b/standardization/moher-api/server-adapters/reactor-netty/pom.xml
@@ -25,7 +25,7 @@
 <parent>
 <artifactId>dcaegen2-sdk-moher-server-adapters</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck :: Server Adapters :: Reactor Netty</name>
diff --git a/standardization/moher-api/server-adapters/spring-webflux/pom.xml b/standardization/moher-api/server-adapters/spring-webflux/pom.xml
index b71aa43b..4fea8dbd 100644
--- a/standardization/moher-api/server-adapters/spring-webflux/pom.xml
+++ b/standardization/moher-api/server-adapters/spring-webflux/pom.xml
@@ -25,7 +25,7 @@
 <parent>
 <artifactId>dcaegen2-sdk-moher-server-adapters</artifactId>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 </parent>
 <name>Monitoring and Healthcheck :: Server Adapters :: Spring Webflux</name>
@@ -45,6 +45,7 @@
 <dependency>
 <groupId>org.springframework</groupId>
 <artifactId>spring-webflux</artifactId>
+<!-- <version>5.3.20</version>-->
 </dependency>
 <dependency>
 <groupId>org.onap.dcaegen2.services.sdk</groupId>
diff --git a/standardization/pom.xml b/standardization/pom.xml
index 193c080d..af0ec538 100644
--- a/standardization/pom.xml
+++ b/standardization/pom.xml
@@ -21,7 +21,7 @@ language governing permissions and limitations under the License.
 <parent>
 <groupId>org.onap.dcaegen2.services</groupId>
 <artifactId>sdk</artifactId>
- <version>1.8.9-SNAPSHOT</version>
+ <version>${revision}</version>
 <relativePath>..</relativePath>
 </parent>
@@ -37,4 +37,8 @@ language governing permissions and limitations under the License.
 <module>moher-api</module>
 </modules>
+ <properties>
+ <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+ </properties>
+
 </project>
diff --git a/version.properties b/version.properties
index 4ae65b7e..51dd6a7c 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=8
-patch=9
+patch=10
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT |
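Review bot: The added line `<!-- <version>5.3.20</version>-->` in standardization/moher-api/server-adapters/spring-webflux/pom.xml is a commented-out pin with broken indentation, which leaves it unclear whether spring-webflux is meant to be pinned or managed. Delete the line if the managed version is intended; if a pin is required, make it a real `<version>` element with a comment stating why it differs from the managed one. The effective spring-webflux version is not visible in this diff and should be checked against the Spring Boot 2.7.2 line the commit moves to.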