summaryrefslogtreecommitdiffstats
path: root/POLICY-SDK-APP/pom.xml
AgeCommit message (Collapse)AuthorFilesLines
2018-10-04Fixed issue with springframework dependenciesMichael Mokry1-0/+13
Added exclusions to epsdk dependencies and added dependencies for springframework jars that were needed to the ONAP-SDK-APP Change-Id: I037ffa76d3d32b2db5ea2c439f40e8a86e1665f5 Issue-ID: POLICY-1154 Signed-off-by: Michael Mokry <michael.mokry@att.com>
2018-09-20Upgrade javax.mail to 1.6.2Pamela Dragosh1-3/+3
The former version was frozen in github. It looks like they moved to another website and the changes were transparent codewise. So let's see what the CLM results are for this. I believe this does remove the security vulnerability. Issue-ID: POLICY-1127 Change-Id: Ib659eddc2808131c8dded3782fcf1d382060fc29 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-09-18Merge "AAF integration in Policy SDK"Pamela Dragosh1-1/+1
2018-09-17AAF integration in Policy SDKrb71471-1/+1
Upgraded SDK version. Added SQL script with encrypt key. Added a function to save role on reading from session in PolicyController.java Addressed Check Style warnings in PolicyController.java Issue-ID: POLICY-1088 Change-Id: I446b6c1a0db2a989ad3f4e982e5cdba845f81045 Signed-off-by: rb7147 <rb7147@att.com>
2018-09-17Upgrade elasticsearch v6.3.0Pamela Dragosh1-1/+1
Resolves a security issue around information disclosure. The recommendation is to upgrade to this version for the fix. Issue-ID: POLICY-1063 Change-Id: Idebb19d2c530b716a25aa91832c053e6b2d0ffce Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-09-14Upgrade commons-compress v1.18Pamela Dragosh1-1/+1
Fixes 2 security issues and brings the common property value to the root pom.xml for easier management. Issue-ID: POLICY-1063 Change-Id: I56e3318bdfae2d205c61a5ad7af70a79bd70dada Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-08-30Upgrade to policy/parentPamela Dragosh1-263/+260
Change from oparent to policy/parent which inherit from the latest oparent. The latest oparent has dependencyManagement recommendations from the ONAP Security sub committee that the policy team is adhering as part of the effort to consolidate security work across projects. Change-Id: I1a43fc5a04dbc8c4cb2b7bedbca67ad3e9dd120b Issue-ID: INT-619 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-07-24Decision BlackList Guard Enhancementsrb71471-0/+5
While creating a decision Bl Guard Policy we are allowing to add Blacklist entries through file upload for bulk from GUI. Issue-ID: POLICY-901 Change-Id: I4031fd4a96937b9facc330cecf72777d701d4678 Signed-off-by: rb7147 <rb7147@att.com>
2018-07-12Upgrade Portal SDK to resolve Security IssuesMichael Mokry1-1/+1
Upgraded version in pom to 2.3.1 Added SQL scripts from Portal to Upgrade Portal related db tables Added SQL downgrade script and license header Sorted SQL commands in upgrade script by function_cd per Jim Change-Id: Id6bef295956b6ec5b13d8fbd0006bbfe98c1c0ac Issue-ID: POLICY-918 Signed-off-by: Mike Mokry <mm117s@att.com>
2018-06-08Enforce logback versionJim Hahn1-0/+6
Some of the projects are being built with logback version, 1.1.3, which does not support the SizeAndTimeBasedRollingPolicy appender. Updated the offending pom.xml to force it to use logback 1.2.3 instead. Change-Id: I3277b28133498f4ad9fbc3ed8b3e9e7e9519bbeb Issue-ID: POLICY-785 Signed-off-by: Jim Hahn <jrh3@att.com>
2018-06-05Update engine to SNAPSHOT-1.3.0liamfallon1-1/+1
Snapshot updated for Casablanca. Change-Id: Ieb2c9a990c0f36f31c974038465e7d38aaa21e5d Issue-ID: POLICY-875 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2018-05-21Update Policy Engine to 1.2.3-SNAPSHOTliamfallon1-1/+1
These reviews must be merged in order because of layering. This review should be merged FOURTH. Change-Id: Ifca8e33b79085a4032164b44dae3401f8179f5f6 Issue-ID: POLICY-844 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2018-05-16Upgrade SNAPSHOT to 1.2.2liamfallon1-1/+1
These reviews must be merged in order because of layering. This review should be merged SECOND Note: In order to get past the following layering problems, there are temporary chages to the following POMs to temporarily use 1.2.1-SNAPSHOT for those dependencies. They are ONAP-PAP-REST/pom.xml org.onap.policy.drools-applications.controlloop.common.policy-yaml ONAP-PDP/pom.xml org.onap.policy.drools-pdp.policy-endpoints A separate review will be used to restore these dependencies to 1.2.2-SNAPSHOT once the drools-pdp and drools-applications reviews are submitted and merged PLD added version.properties Issue-ID: POLICY-798 Change-Id: Id7e83f2ba12181c63cc8845b7eeccf2004d2bab9 Signed-off-by: liamfallon <liam.fallon@ericsson.com> Signed-off-by: Pamela Dragosh <pdragosh@research.att.com> Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2018-04-18Upgrade poi to clear CLMPamela Dragosh1-2/+2
https://nvd.nist.gov/vuln/detail/CVE-2017-12626 Issue-ID: POLICY-722 Change-Id: I016d2d357858729b402ad010d47a31af053d2799 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-04-17Upgrade hibernator to clear clmPamela Dragosh1-1/+1
Upgrade hibernator to clear clm issue. https://nvd.nist.gov/vuln/detail/CVE-2017-7536 Issue-ID: POLICY-722 Change-Id: I1a4d9aa8ad3b477db0c91bd5a53a67932554213d Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-04-13Upgrade to SNAPSHOT 1.2.1Pamela Dragosh1-1/+1
Issue-ID: POLICY-736 Change-Id: If5c959aa1c0a123c7fd9eee281e39e1d646b6b03 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-03-30POM fixes due to update in cadi-aafbobbymander1-5/+0
Issue-ID: POLICY-507 Change-Id: I493233f8e0e90eaf24e9c09c7433c6fb9fadb268 Signed-off-by: bobbymander <bobby.mander@att.com>
2018-03-28Remove security issue xstream and plexus-utilsPamela Dragosh1-0/+4
Some of these were ommitted from compile while others were not completely ommitted. Upgraded maven-compiler since it upgraded plexus-utils Upgraded latest version of jackson-databind 2.9.5 Issue-ID: POLICY-507 Change-Id: If92ff4355329c48fbe76e0245d6c8344ebb8084d Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-03-28POM changes to centralize test scope depsbobbymander1-6/+0
Issue-ID: POLICY-600 Change-Id: I870317bbd125c6016818ec435ea7a406123c66c1 Signed-off-by: bobbymander <bobby.mander@att.com>
2018-03-14Exclude httpclient to resolve CLM issuePamela Dragosh1-0/+4
v4.5.1 is being ommitted via maven depedency resolution. So we will exclude to help clear the CLM issue being flagged. Issue-ID: POLICY-507 Change-Id: I5636da0a8109fa66cf00eb9205d89d7437517955 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-03-13Upgrade to latest elasticsearchPamela Dragosh1-1/+1
Will not clear any CLM issue but this for uses a version that is using the latest lucene-queryparser. It is noted in the CVE for lucene-queryparser that elasticsearch is not affected by the issue. We will upgrade to keep up with the latest code. Issue-ID: POLICY-507 Change-Id: I8580dbc704c48245faf298304b8aec76c9e773c4 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-02-21Upgraded SDK version in Policyrb71471-1/+1
Issue-ID: POLICY-645 Change-Id: Ie83b4c91c8186433e582cccadf5c3d32209a88f4 Signed-off-by: rb7147 <rb7147@att.com>
2018-02-20Fix for h2 missing from testingPamela Dragosh1-0/+5
First submit for re-organizing pom.xml dependencies. H2 is ONLY used for testing and should be loaded otherwise. We removed it from policy/common so that is affecting these test. Issue-ID: POLICY-626 Change-Id: Iba86e89f2cb26581b2b465091e829d6bdd66a37b Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-02-08Downgraded the POLICY-SDK spring versionrb71471-1/+1
Issue-ID: POLICY-620 Change-Id: Ib7cf286f62e945edcf5720ce2c53957b8456126d Signed-off-by: rb7147 <rb7147@att.com>
2018-02-07Upgrade dependencies to clear security issuesPamela Dragosh1-6/+24
A bit of consolidation too - which could use a lot more work. These were simple security upgrades for fixes identified by LF weekly LCM job. Added some missing license headers. Issue-ID: POLICY-507 Change-Id: If285b0f95d30a1084c9363bf6a41b48d52fb3aff Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-12-08Upgraded the latest ONAP SDKrb71471-1/+1
Upgraded latest ONAP SDK Code. Change-Id: I669d6cfcefe068b1e4c078889d7d6c77ce788e2e Issue-ID: POLICY-432 Signed-off-by: rb7147 <rb7147@att.com>
2017-11-21Bump minor versionJessica Wagantall1-1/+1
Bump minor version in preparation for Amsterdam branching. Change-Id: I61e0ae91e3ece54ed09a88dad9b8dac173ccae07 Issue-ID: CIMAN-120 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
2017-11-15Update to v1.1.2-SNAPSHOTPamela Dragosh1-1/+1
Release 1.1.1, moving patch to 1.1.2 Issue-ID: POLICY-436 Change-Id: Iabde3e56c04c68ca966efde09b5780e6275cb8a8 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-11-08Update SNAPSHOT versionPamela Dragosh1-1/+1
Releasing v1.1.0 so need to update to v1.1.1 Issue-ID: POLICY-436 Change-Id: Ic575e75d0321c3de2074f8e23d2d0bbd11f6a229 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-10-19Resolved the License issue in Policyrb71471-2/+8
Updated epsdk version from 1.1.0 to 1.3.1 to resolve the flexslider. Added Exclusions to resolve the mysql and iText. Issue-ID: POLICY-355 Change-Id: Iffb052bee37aa3c10f634db1b5bdb2985e9f176b Signed-off-by: rb7147 <rb7147@att.com>
2017-09-20Modify pom to exclude 3rd party javascriptPamela Dragosh1-0/+1
The 3rd party javascript and css code is provided by portal team and should not be included in code coverage for sonar. Issue-ID: POLICY-253 Change-Id: I7a03dda032d06452f806dbb768338d6ca55b6375 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-08-24Fixes for pom warningsTej, Tarun1-1/+0
Removed duplicates and overriden version warnings from pom.xml Issue-Id: POLICY-167 Change-Id: Idd3695ae12988b02eff9a1f1a4cded723da4b980 Signed-off-by: Tarun Tej Velaga <tt3868@att.com>
2017-08-14Add fix for SQL injection.Rodriguez, Cuauhtemoctzin (cr056n)1-0/+10
Add fix for SQL injection by passing parameters into getDataByQuery method and binding parameters. Add junit test file. Override equals and hashcode methods for more thorough testing on ActionBodyEntity, ConfigurationDataEntity, PolicyEntity, PolicyVersion, WatchPolicyNotificationTable classes. Issue-Id: [POLICY-158] Change-Id: Icebe1ca1ff01c8ea7435729967f4d349a1026054 Signed-off-by: ITSERVICES\cr056n <cr056n@att.com>
2017-07-31[POLICY-73] replace openecomp for policy-engineGuo Ruijing1-3/+3
Change-Id: I54072f6bcd388c0e05562614ee89b4ae7ad67004 Signed-off-by: Guo Ruijing <ruijing.guo@intel.com> Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-07-14[POLICY-74] 1.1.0 release version per PORTAL-33Jorge Hernandez1-1/+1
Change-Id: I4cd4b7f6ae022fb514405dfdeb9cc0e070179506 Signed-off-by: Jorge Hernandez <jh1730@att.com>
2017-07-14[POLICY-74] policy-engine build failureGuo Ruijing1-2/+2
Change-Id: I62642695262b72b2c048e9c76b986308cbd0c532 Signed-off-by: Guo Ruijing <ruijing.guo@intel.com>
2017-05-31[Policy-17] Removed the sql scripts from sdk appRavindra Bakkamanthala1-2/+27
Change-Id: I5b017aad569014c7f12eab35e1dbd1c215f90ebe Signed-off-by: Ravindra Bakkamanthala <rb7147@att.com>
2017-05-09Policy 1707 Second commitITSERVICES\rb71471-0/+12
Change-Id: I18f5b142238733d17280cf17c3d1dd28204d34e9 Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>
2017-05-03Policy 1707 commit to LFITSERVICES\rb71471-0/+199
Change-Id: Ibe6f01d92f9a434c040abb05d5386e89d675ae65 Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>