Fix vulnerability issue: upgrade org.apache.tomcat.embed.tomcat-embed-core to 8.5.42

tomcat-embed-core is part of springboot

Issue-ID: LOG-1066
Signed-off-by: Prudence Au <prudence.au@amdocs.com>
Change-Id: Ice8d4954edff07aef41b17ce3981d9f9ef754319

1 files changed, 11 insertions, 1 deletions

diff --git a/reference/logging-slf4j-demo/pom.xml b/reference/logging-slf4j-demo/pom.xml
index 55c5ce9..61370d9 100644
--- a/reference/logging-slf4j-demo/pom.xml
+++ b/reference/logging-slf4j-demo/pom.xml
@@ -16,7 +16,7 @@
              spring-expression 4.3.14 goes to 4.3.17 under 1.5.15
              1.5.17 ups jackson-databind from 2.8.11.2 - but we will likely need 2.9+
          -->
-        <springframework.boot.version>1.5.17.RELEASE</springframework.boot.version>
+        <springframework.boot.version>1.5.22.RELEASE</springframework.boot.version>
         <spring.version>5.1.2.RELEASE</spring.version>
         <logback.version>1.2.3</logback.version>
     </properties>
@@ -30,8 +30,18 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-json</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+		</dependency>
+        <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>