summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-03-05 20:34:18 -0500
committerPamela Dragosh <pdragosh@research.att.com>2018-03-05 20:34:30 -0500
commit48276315757f6561ee6a52575c07ba4d726679f5 (patch)
treea17e2fe76bf67c08ee3752214dbbee64dd8bd01d
parentd7dd5e1a57ae6bf0b0e832a7ccb323f9cf972b80 (diff)
Clean up pom.xml and fix CLM
This has some cleanup for overriding managed dependencies, a duplicate entry for mariadb, unnecessary inclusion of older EELF library, an upgrade of swagger tools to fix a security issue and lastly an override of a depedency to clear a security issue. Issue-ID: POLICY-507 Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r--LogParser/pom.xml3
-rw-r--r--ONAP-PAP-REST/pom.xml1
-rw-r--r--ONAP-PDP-REST/pom.xml2
-rw-r--r--ONAP-SDK-APP/pom.xml5
-rw-r--r--PolicyEngineUtils/pom.xml19
5 files changed, 16 insertions, 14 deletions
diff --git a/LogParser/pom.xml b/LogParser/pom.xml
index 0bd21a8de..16c58dd4c 100644
--- a/LogParser/pom.xml
+++ b/LogParser/pom.xml
@@ -34,7 +34,6 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
- <version>1.4.193</version>
</dependency>
<dependency>
<groupId>org.mariadb.jdbc</groupId>
@@ -70,7 +69,7 @@
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
- <version>2.4</version>
+ <version>2.8.2</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/ONAP-PAP-REST/pom.xml b/ONAP-PAP-REST/pom.xml
index 828f466c4..0c04a8600 100644
--- a/ONAP-PAP-REST/pom.xml
+++ b/ONAP-PAP-REST/pom.xml
@@ -190,7 +190,6 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
- <version>[1.4.186,)</version>
</dependency>
<dependency>
<groupId>com.github.fge</groupId>
diff --git a/ONAP-PDP-REST/pom.xml b/ONAP-PDP-REST/pom.xml
index bd08a0e63..ad7c70c88 100644
--- a/ONAP-PDP-REST/pom.xml
+++ b/ONAP-PDP-REST/pom.xml
@@ -198,7 +198,7 @@
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
- <version>2.5.0</version>
+ <version>2.7.0</version>
</dependency>
<dependency>
<groupId>org.onap.policy.engine</groupId>
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index 687e5b3a2..9e6f1b21c 100644
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -279,11 +279,6 @@
<artifactId>epsdk-workflow</artifactId>
<version>${epsdk.version}</version>
</dependency>
- <dependency>
- <groupId>com.att.eelf</groupId>
- <artifactId>eelf-core</artifactId>
- <version>0.0.1</version>
- </dependency>
<!-- bridge to implement commons-logging using slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 9e2e13b15..e7196c511 100644
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -88,15 +88,20 @@
<version>4.11</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.mariadb.jdbc</groupId>
- <artifactId>mariadb-java-client</artifactId>
- <version>1.2.3</version>
+ <!--
+ CLM security fix - force use of xstream
+ Remove this if a new version of drools-verifier is upgraded
+ that upgrades to xstream.
+ -->
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-verifier</artifactId>
- <version>6.3.0.Final</version>
+ <version>6.5.0.Final</version>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
@@ -106,6 +111,10 @@
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>