diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 20:34:18 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 20:34:30 -0500 |
commit | 48276315757f6561ee6a52575c07ba4d726679f5 (patch) | |
tree | a17e2fe76bf67c08ee3752214dbbee64dd8bd01d | |
parent | d7dd5e1a57ae6bf0b0e832a7ccb323f9cf972b80 (diff) |
Clean up pom.xml and fix CLM
This has some cleanup for overriding managed dependencies, a
duplicate entry for mariadb, unnecessary inclusion of older
EELF library, an upgrade of swagger tools to fix a security
issue and lastly an override of a depedency to clear a
security issue.
Issue-ID: POLICY-507
Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r-- | LogParser/pom.xml | 3 | ||||
-rw-r--r-- | ONAP-PAP-REST/pom.xml | 1 | ||||
-rw-r--r-- | ONAP-PDP-REST/pom.xml | 2 | ||||
-rw-r--r-- | ONAP-SDK-APP/pom.xml | 5 | ||||
-rw-r--r-- | PolicyEngineUtils/pom.xml | 19 |
5 files changed, 16 insertions, 14 deletions
diff --git a/LogParser/pom.xml b/LogParser/pom.xml index 0bd21a8de..16c58dd4c 100644 --- a/LogParser/pom.xml +++ b/LogParser/pom.xml @@ -34,7 +34,6 @@ <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> - <version>1.4.193</version> </dependency> <dependency> <groupId>org.mariadb.jdbc</groupId> @@ -70,7 +69,7 @@ <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-api</artifactId> - <version>2.4</version> + <version>2.8.2</version> </dependency> <dependency> <groupId>org.apache.logging.log4j</groupId> diff --git a/ONAP-PAP-REST/pom.xml b/ONAP-PAP-REST/pom.xml index 828f466c4..0c04a8600 100644 --- a/ONAP-PAP-REST/pom.xml +++ b/ONAP-PAP-REST/pom.xml @@ -190,7 +190,6 @@ <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> - <version>[1.4.186,)</version> </dependency> <dependency> <groupId>com.github.fge</groupId> diff --git a/ONAP-PDP-REST/pom.xml b/ONAP-PDP-REST/pom.xml index bd08a0e63..ad7c70c88 100644 --- a/ONAP-PDP-REST/pom.xml +++ b/ONAP-PDP-REST/pom.xml @@ -198,7 +198,7 @@ <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> - <version>2.5.0</version> + <version>2.7.0</version> </dependency> <dependency> <groupId>org.onap.policy.engine</groupId> diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml index 687e5b3a2..9e6f1b21c 100644 --- a/ONAP-SDK-APP/pom.xml +++ b/ONAP-SDK-APP/pom.xml @@ -279,11 +279,6 @@ <artifactId>epsdk-workflow</artifactId> <version>${epsdk.version}</version> </dependency> - <dependency> - <groupId>com.att.eelf</groupId> - <artifactId>eelf-core</artifactId> - <version>0.0.1</version> - </dependency> <!-- bridge to implement commons-logging using slf4j --> <dependency> <groupId>org.slf4j</groupId> diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml index 9e2e13b15..e7196c511 100644 --- a/PolicyEngineUtils/pom.xml +++ b/PolicyEngineUtils/pom.xml @@ -88,15 +88,20 @@ <version>4.11</version> <scope>test</scope> </dependency> - <dependency> - <groupId>org.mariadb.jdbc</groupId> - <artifactId>mariadb-java-client</artifactId> - <version>1.2.3</version> + <!-- + CLM security fix - force use of xstream + Remove this if a new version of drools-verifier is upgraded + that upgrades to xstream. + --> + <dependency> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + <version>1.4.10</version> </dependency> <dependency> <groupId>org.drools</groupId> <artifactId>drools-verifier</artifactId> - <version>6.3.0.Final</version> + <version>6.5.0.Final</version> <exclusions> <exclusion> <groupId>com.google.guava</groupId> @@ -106,6 +111,10 @@ <groupId>com.lowagie</groupId> <artifactId>itext</artifactId> </exclusion> + <exclusion> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + </exclusion> </exclusions> </dependency> <dependency> |