diff options
author | liamfallon <liam.fallon@ericsson.com> | 2018-04-18 21:16:52 +0100 |
---|---|---|
committer | liamfallon <liam.fallon@ericsson.com> | 2018-04-18 21:18:00 +0100 |
commit | cfd1160833ecb24c336fe6d0d197547c36ce2327 (patch) | |
tree | 26712483830422ef97e26ac79a1301eb4a2b4cad /PolicyEngineAPI/pom.xml | |
parent | 9154e24b32e41cf987daf02da01eaca7805fc291 (diff) |
Remove insecure dependency on PolicyEngineAPI
The insecure dependency tyrus-container-grizzly-client is
part of Tyrus, a Java web socket implementation library.
A direct substitution of this library is not available so
the code in AutoClientEnd.java and ManualClientEnd.java
was adapted to work with the library
org.java-websocket.Java-WebSocket
that does not seem to have any vulnerabilities when tested
with the org.owasp.dependency-check-maven plugin.
The purpose of this submission is to see if the new library
does indeed remove the vulnerability. If so, the implementation
in AutoClientEnd and ManualClientEnd must be cleaned up.
Change-Id: I961635aaea42c2f847edf11ee77e2961cdfb097b
Issue-ID: POLICY-744
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
Diffstat (limited to 'PolicyEngineAPI/pom.xml')
-rw-r--r-- | PolicyEngineAPI/pom.xml | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/PolicyEngineAPI/pom.xml b/PolicyEngineAPI/pom.xml index 4b1cc4562..ebfab472e 100644 --- a/PolicyEngineAPI/pom.xml +++ b/PolicyEngineAPI/pom.xml @@ -60,19 +60,14 @@ <version>1.1</version> </dependency> <dependency> - <groupId>org.glassfish.tyrus</groupId> - <artifactId>tyrus-client</artifactId> - <version>1.13</version> - </dependency> - <dependency> - <groupId>org.glassfish.tyrus</groupId> - <artifactId>tyrus-container-grizzly-client</artifactId> - <version>1.13</version> + <groupId>org.java-websocket</groupId> + <artifactId>Java-WebSocket</artifactId> + <version>1.3.8</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> - <version>4.3.3.RELEASE</version> + <version>4.3.15.RELEASE</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> |