Age | Commit message (Collapse) | Author | Files | Lines |
|
For Casablanca Maintenance Release 3.0.2 - keystore upgrade.
Issue-ID: POLICY-1649
Change-Id: I7ebad20593574a6d0f462b8bb9a8a672e30a8357
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Unable to cherry-pick, so making a new review. And
need to upgrade the version.
This upgrade fixes a few security issues as described in the JIRA.
Issue-ID: POLICY-1538
Change-Id: I467acbb1dce1a922b13a521e9dd40477c012b409
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Change-Id: I80c0fca0c947614984362d2bfc16dc4e5b55b5c4
Issue-ID: POLICY-1390
Signed-off-by: Jorge Hernandez <jorge.hernandez-herrero@att.com>
|
|
Issue-ID: POLICY-1262
Change-Id: Iff542c9d6e07f143517bd0470cee7c6a6a90a065
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
Upgrading policy/parent to v1.1.9 requires these
code changes to occur.
Need to change to policy/parent 2.0.1 for the
right dmaap to be included.
Upgrade policy common and drools-applications to
1.3.3 released artifacts.
Also just included the change from gerrit review
https://gerrit.onap.org/r/#/c/72026/ instead of
cherry picking it.
Updating release to 1.3.3-SNAPSHOT
Issue-ID: POLICY-1229
Change-Id: I16f4bbd9ba2d46cdc3b94feba1f2e7f20d837dad
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
(cherry picked from commit fe8b9e72cafa4acf31db4239593a74a5ccf89a4a)
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-1233
Change-Id: I1d388e1f4a872cf4e3013f8968e9026460e847f3
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
Issue-ID: POLICY-1213
Change-Id: I6666585a176b9e981976777018e4b7616e47ffc7
Signed-off-by: ramverma <ram.krishna.verma@ericsson.com>
|
|
Still a couple more places to remove it due to security
violations. Unused dependency.
Issue-ID: POLICY-1214
Change-Id: Ie9a4755fa912a863be58f6ddec104702e68287d4
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Added exclusions to epsdk dependencies and added dependencies for
springframework jars that were needed to the ONAP-SDK-APP
Change-Id: I037ffa76d3d32b2db5ea2c439f40e8a86e1665f5
Issue-ID: POLICY-1154
Signed-off-by: Michael Mokry <michael.mokry@att.com>
|
|
The former version was frozen in github. It looks like they
moved to another website and the changes were transparent codewise.
So let's see what the CLM results are for this. I believe this
does remove the security vulnerability.
Issue-ID: POLICY-1127
Change-Id: Ib659eddc2808131c8dded3782fcf1d382060fc29
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
|
|
Upgraded SDK version.
Added SQL script with encrypt key.
Added a function to save role on reading from session in
PolicyController.java
Addressed Check Style warnings in PolicyController.java
Issue-ID: POLICY-1088
Change-Id: I446b6c1a0db2a989ad3f4e982e5cdba845f81045
Signed-off-by: rb7147 <rb7147@att.com>
|
|
Resolves a security issue around information disclosure. The
recommendation is to upgrade to this version for the fix.
Issue-ID: POLICY-1063
Change-Id: Idebb19d2c530b716a25aa91832c053e6b2d0ffce
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Fixes 2 security issues and brings the common property
value to the root pom.xml for easier management.
Issue-ID: POLICY-1063
Change-Id: I56e3318bdfae2d205c61a5ad7af70a79bd70dada
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Change from oparent to policy/parent which inherit from
the latest oparent. The latest oparent has dependencyManagement
recommendations from the ONAP Security sub committee that
the policy team is adhering as part of the effort to consolidate
security work across projects.
Change-Id: I1a43fc5a04dbc8c4cb2b7bedbca67ad3e9dd120b
Issue-ID: INT-619
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
While creating a decision Bl Guard Policy we are allowing to add
Blacklist entries through file upload for bulk from GUI.
Issue-ID: POLICY-901
Change-Id: I4031fd4a96937b9facc330cecf72777d701d4678
Signed-off-by: rb7147 <rb7147@att.com>
|
|
Upgraded version in pom to 2.3.1
Added SQL scripts from Portal to Upgrade Portal related db tables
Added SQL downgrade script and license header
Sorted SQL commands in upgrade script by function_cd per Jim
Change-Id: Id6bef295956b6ec5b13d8fbd0006bbfe98c1c0ac
Issue-ID: POLICY-918
Signed-off-by: Mike Mokry <mm117s@att.com>
|
|
Some of the projects are being built with logback version, 1.1.3, which
does not support the SizeAndTimeBasedRollingPolicy appender. Updated
the offending pom.xml to force it to use logback 1.2.3 instead.
Change-Id: I3277b28133498f4ad9fbc3ed8b3e9e7e9519bbeb
Issue-ID: POLICY-785
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Snapshot updated for Casablanca.
Change-Id: Ieb2c9a990c0f36f31c974038465e7d38aaa21e5d
Issue-ID: POLICY-875
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
These reviews must be merged in order because of layering.
This review should be merged FOURTH.
Change-Id: Ifca8e33b79085a4032164b44dae3401f8179f5f6
Issue-ID: POLICY-844
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
These reviews must be merged in order because of layering.
This review should be merged SECOND
Note: In order to get past the following layering problems, there
are temporary chages to the following POMs to temporarily use 1.2.1-SNAPSHOT
for those dependencies. They are
ONAP-PAP-REST/pom.xml
org.onap.policy.drools-applications.controlloop.common.policy-yaml
ONAP-PDP/pom.xml
org.onap.policy.drools-pdp.policy-endpoints
A separate review will be used to restore these dependencies to 1.2.2-SNAPSHOT
once the drools-pdp and drools-applications reviews are submitted and merged
PLD added version.properties
Issue-ID: POLICY-798
Change-Id: Id7e83f2ba12181c63cc8845b7eeccf2004d2bab9
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
https://nvd.nist.gov/vuln/detail/CVE-2017-12626
Issue-ID: POLICY-722
Change-Id: I016d2d357858729b402ad010d47a31af053d2799
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Upgrade hibernator to clear clm issue.
https://nvd.nist.gov/vuln/detail/CVE-2017-7536
Issue-ID: POLICY-722
Change-Id: I1a4d9aa8ad3b477db0c91bd5a53a67932554213d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-736
Change-Id: If5c959aa1c0a123c7fd9eee281e39e1d646b6b03
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-507
Change-Id: I493233f8e0e90eaf24e9c09c7433c6fb9fadb268
Signed-off-by: bobbymander <bobby.mander@att.com>
|
|
Some of these were ommitted from compile while others
were not completely ommitted.
Upgraded maven-compiler since it upgraded plexus-utils
Upgraded latest version of jackson-databind 2.9.5
Issue-ID: POLICY-507
Change-Id: If92ff4355329c48fbe76e0245d6c8344ebb8084d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-600
Change-Id: I870317bbd125c6016818ec435ea7a406123c66c1
Signed-off-by: bobbymander <bobby.mander@att.com>
|
|
v4.5.1 is being ommitted via maven depedency resolution.
So we will exclude to help clear the CLM issue being
flagged.
Issue-ID: POLICY-507
Change-Id: I5636da0a8109fa66cf00eb9205d89d7437517955
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Will not clear any CLM issue but this for uses a version that is
using the latest lucene-queryparser. It is noted in the CVE for
lucene-queryparser that elasticsearch is not affected by the
issue. We will upgrade to keep up with the latest code.
Issue-ID: POLICY-507
Change-Id: I8580dbc704c48245faf298304b8aec76c9e773c4
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-645
Change-Id: Ie83b4c91c8186433e582cccadf5c3d32209a88f4
Signed-off-by: rb7147 <rb7147@att.com>
|
|
First submit for re-organizing pom.xml dependencies. H2 is ONLY
used for testing and should be loaded otherwise. We removed it
from policy/common so that is affecting these test.
Issue-ID: POLICY-626
Change-Id: Iba86e89f2cb26581b2b465091e829d6bdd66a37b
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-620
Change-Id: Ib7cf286f62e945edcf5720ce2c53957b8456126d
Signed-off-by: rb7147 <rb7147@att.com>
|
|
A bit of consolidation too - which could use a lot more work. These
were simple security upgrades for fixes identified by LF weekly LCM job.
Added some missing license headers.
Issue-ID: POLICY-507
Change-Id: If285b0f95d30a1084c9363bf6a41b48d52fb3aff
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Upgraded latest ONAP SDK Code.
Change-Id: I669d6cfcefe068b1e4c078889d7d6c77ce788e2e
Issue-ID: POLICY-432
Signed-off-by: rb7147 <rb7147@att.com>
|
|
Bump minor version in preparation for Amsterdam
branching.
Change-Id: I61e0ae91e3ece54ed09a88dad9b8dac173ccae07
Issue-ID: CIMAN-120
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
|
|
Release 1.1.1, moving patch to 1.1.2
Issue-ID: POLICY-436
Change-Id: Iabde3e56c04c68ca966efde09b5780e6275cb8a8
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Releasing v1.1.0 so need to update to v1.1.1
Issue-ID: POLICY-436
Change-Id: Ic575e75d0321c3de2074f8e23d2d0bbd11f6a229
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Updated epsdk version from 1.1.0 to 1.3.1 to resolve the flexslider.
Added Exclusions to resolve the mysql and iText.
Issue-ID: POLICY-355
Change-Id: Iffb052bee37aa3c10f634db1b5bdb2985e9f176b
Signed-off-by: rb7147 <rb7147@att.com>
|
|
The 3rd party javascript and css code is provided by portal team
and should not be included in code coverage for sonar.
Issue-ID: POLICY-253
Change-Id: I7a03dda032d06452f806dbb768338d6ca55b6375
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Removed duplicates and overriden version warnings from pom.xml
Issue-Id: POLICY-167
Change-Id: Idd3695ae12988b02eff9a1f1a4cded723da4b980
Signed-off-by: Tarun Tej Velaga <tt3868@att.com>
|
|
Add fix for SQL injection by passing parameters into getDataByQuery method and binding parameters. Add junit test file. Override equals and hashcode methods for more thorough testing on ActionBodyEntity, ConfigurationDataEntity, PolicyEntity, PolicyVersion, WatchPolicyNotificationTable classes.
Issue-Id: [POLICY-158]
Change-Id: Icebe1ca1ff01c8ea7435729967f4d349a1026054
Signed-off-by: ITSERVICES\cr056n <cr056n@att.com>
|
|
Change-Id: I54072f6bcd388c0e05562614ee89b4ae7ad67004
Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Change-Id: I4cd4b7f6ae022fb514405dfdeb9cc0e070179506
Signed-off-by: Jorge Hernandez <jh1730@att.com>
|
|
Change-Id: I62642695262b72b2c048e9c76b986308cbd0c532
Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
|
|
Change-Id: I5b017aad569014c7f12eab35e1dbd1c215f90ebe
Signed-off-by: Ravindra Bakkamanthala <rb7147@att.com>
|
|
Change-Id: I18f5b142238733d17280cf17c3d1dd28204d34e9
Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>
|
|
Change-Id: Ibe6f01d92f9a434c040abb05d5386e89d675ae65
Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>
|