From ff86f98e38f3df388ff3dfa3b3bd995707d05b9b Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@est.tech>
Date: Sun, 21 Jun 2020 21:52:55 +0100
Subject: Remove apex-pdp Jackson security issue

We should use the managed version of jackson from policy-parent rather
than a specific apex-pdp version.

Also upgrade the version of Avro, avro 1.9.2 uses a newer somewhat more
secure version of Jackson.

Issue-ID: POLICY-1508
Change-Id: If32218816ae76cf3cf6ddc8980e3a37e7e2ffd19
Signed-off-by: liamfallon <liam.fallon@est.tech>
---
 .../messaging/impl/ws/client/MessagingClient.java         |  2 +-
 .../plugins-context-schema-avro/pom.xml                   |  9 +++++----
 pom.xml                                                   | 15 ++-------------
 tools/tools-common/pom.xml                                |  1 -
 4 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/messaging/impl/ws/client/MessagingClient.java b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/messaging/impl/ws/client/MessagingClient.java
index 5d45c473b..0615837af 100644
--- a/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/messaging/impl/ws/client/MessagingClient.java
+++ b/core/core-infrastructure/src/main/java/org/onap/policy/apex/core/infrastructure/messaging/impl/ws/client/MessagingClient.java
@@ -1,6 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2016-2018 Ericsson. All rights reserved.
+ *  Modifications Copyright (C) 2020 Nordix Foundation.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -103,7 +104,6 @@ public class MessagingClient<M> extends InternalMessageBusClient<M> implements M
         do {
             switch (connection.getReadyState()) {
                 case NOT_YET_CONNECTED:
-                case CONNECTING:
                 case CLOSING:
                     // Not connected yet so wait for the try interval
                     ThreadUtilities.sleep(CONNECTION_TRY_INTERVAL_MS);
diff --git a/plugins/plugins-context/plugins-context-schema/plugins-context-schema-avro/pom.xml b/plugins/plugins-context/plugins-context-schema/plugins-context-schema-avro/pom.xml
index e1a6aac5f..775b620a6 100644
--- a/plugins/plugins-context/plugins-context-schema/plugins-context-schema-avro/pom.xml
+++ b/plugins/plugins-context/plugins-context-schema/plugins-context-schema-avro/pom.xml
@@ -1,19 +1,20 @@
 <!--
   ============LICENSE_START=======================================================
    Copyright (C) 2016-2018 Ericsson. All rights reserved.
+   Modifications Copyright (C) 2020 Nordix Foundation.
   ================================================================================
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
-  
+
        http://www.apache.org/licenses/LICENSE-2.0
-  
+
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-  
+
   SPDX-License-Identifier: Apache-2.0
   ============LICENSE_END=========================================================
 -->
@@ -33,7 +34,7 @@
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
-            <version>1.9.0</version>
+            <version>1.9.2</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
diff --git a/pom.xml b/pom.xml
index 3f2e4d7f0..bb5e5afa0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,9 +45,8 @@
         <version.commons-cli>1.4</version.commons-cli>
         <version.kafka>2.3.0</version.kafka>
         <version.hibernate>5.3.7.Final</version.hibernate>
-        <version.policy.common>1.6.5</version.policy.common>
-        <version.policy.models>2.2.6</version.policy.models>
-        <version.jackson>2.10.0.pr3</version.jackson>
+        <version.policy.common>1.7.0-SNAPSHOT</version.policy.common>
+        <version.policy.models>2.3.0-SNAPSHOT</version.policy.models>
         <version.jgroups>4.1.5.Final</version.jgroups>
         <version.commons-codec>20041127.091804</version.commons-codec>
         <version.caffeine>2.8.0</version.caffeine>
@@ -111,16 +110,6 @@
                 <artifactId>policy-endpoints</artifactId>
                 <version>${version.policy.common}</version>
             </dependency>
-           <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-core</artifactId>
-                <version>${version.jackson}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-databind</artifactId>
-                <version>${version.jackson}</version>
-            </dependency>
             <dependency>
                 <groupId>org.jgroups</groupId>
                 <artifactId>jgroups</artifactId>
diff --git a/tools/tools-common/pom.xml b/tools/tools-common/pom.xml
index d664d4cfb..5ebef421e 100644
--- a/tools/tools-common/pom.xml
+++ b/tools/tools-common/pom.xml
@@ -37,7 +37,6 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.6</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
-- 
cgit 1.2.3-korg