summaryrefslogtreecommitdiffstats
path: root/PolicyEngineAPI/pom.xml
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@ericsson.com>2018-04-18 21:16:52 +0100
committerliamfallon <liam.fallon@ericsson.com>2018-04-18 21:18:00 +0100
commitcfd1160833ecb24c336fe6d0d197547c36ce2327 (patch)
tree26712483830422ef97e26ac79a1301eb4a2b4cad /PolicyEngineAPI/pom.xml
parent9154e24b32e41cf987daf02da01eaca7805fc291 (diff)
Remove insecure dependency on PolicyEngineAPI
The insecure dependency tyrus-container-grizzly-client is part of Tyrus, a Java web socket implementation library. A direct substitution of this library is not available so the code in AutoClientEnd.java and ManualClientEnd.java was adapted to work with the library org.java-websocket.Java-WebSocket that does not seem to have any vulnerabilities when tested with the org.owasp.dependency-check-maven plugin. The purpose of this submission is to see if the new library does indeed remove the vulnerability. If so, the implementation in AutoClientEnd and ManualClientEnd must be cleaned up. Change-Id: I961635aaea42c2f847edf11ee77e2961cdfb097b Issue-ID: POLICY-744 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
Diffstat (limited to 'PolicyEngineAPI/pom.xml')
-rw-r--r--PolicyEngineAPI/pom.xml13
1 files changed, 4 insertions, 9 deletions
diff --git a/PolicyEngineAPI/pom.xml b/PolicyEngineAPI/pom.xml
index 4b1cc4562..ebfab472e 100644
--- a/PolicyEngineAPI/pom.xml
+++ b/PolicyEngineAPI/pom.xml
@@ -60,19 +60,14 @@
<version>1.1</version>
</dependency>
<dependency>
- <groupId>org.glassfish.tyrus</groupId>
- <artifactId>tyrus-client</artifactId>
- <version>1.13</version>
- </dependency>
- <dependency>
- <groupId>org.glassfish.tyrus</groupId>
- <artifactId>tyrus-container-grizzly-client</artifactId>
- <version>1.13</version>
+ <groupId>org.java-websocket</groupId>
+ <artifactId>Java-WebSocket</artifactId>
+ <version>1.3.8</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
- <version>4.3.3.RELEASE</version>
+ <version>4.3.15.RELEASE</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>