From a04e69e1f9c0dbe7c1317cc879a0fad70db83595 Mon Sep 17 00:00:00 2001
From: su622b <su622b@att.com>
Date: Wed, 9 Sep 2020 13:25:36 -0400
Subject: fixes for security vulnerabilities

Issue-ID: DMAAP-1488
Change-Id: I8626c29ac1d0fffbfa22d47460c10b232e3fae81
Signed-off-by: su622b <su622b@att.com>
---
 pom.xml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'pom.xml')

diff --git a/pom.xml b/pom.xml
index 63ed6d8..db802cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,8 +75,13 @@
 	    <dependency>
 		<groupId>commons-codec</groupId>
 		<artifactId>commons-codec</artifactId>
-		<version>1.13</version>
+		<version>1.14</version>
 	</dependency>
+	<dependency>
+            <groupId>org.javassist</groupId>
+            <artifactId>javassist</artifactId>
+            <version>3.20.0-GA</version>
+        </dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
@@ -124,18 +129,24 @@
 			</exclusions>
 		</dependency>
 		<!-- Begin - Dependency on log4j for logging purpose -->
-		<dependency>
+		<!-- <dependency>
 			<groupId>log4j</groupId>
 			<artifactId>log4j</artifactId>
 			<version>1.2.17</version>
 		</dependency>
-		<!-- Log4j's enhanced pattern layout is shipped separately -->
+		Log4j's enhanced pattern layout is shipped separately
 		<dependency>
 			<groupId>log4j</groupId>
 			<artifactId>apache-log4j-extras</artifactId>
 			<version>1.2.17</version>
-		</dependency>
+		</dependency> -->
 		<!-- End - Dependency on log4j for logging purpose -->
+		
+		<dependency>
+			<groupId>commons-io</groupId>
+			<artifactId>commons-io</artifactId>
+			<version>2.7</version>
+		</dependency>
 
 		<dependency>
 			<groupId>javax.ws.rs</groupId>
-- 
cgit 1.2.3-korg