From cfd1160833ecb24c336fe6d0d197547c36ce2327 Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@ericsson.com>
Date: Wed, 18 Apr 2018 21:16:52 +0100
Subject: Remove insecure dependency on PolicyEngineAPI

The insecure dependency tyrus-container-grizzly-client is
part of Tyrus, a Java web socket implementation library.

A direct substitution of this library is not available so
the code in AutoClientEnd.java and ManualClientEnd.java
was adapted to work with the library
org.java-websocket.Java-WebSocket
that does not seem to have any vulnerabilities when tested
with the org.owasp.dependency-check-maven plugin.

The purpose of this submission is to see if the new library
does indeed remove the vulnerability. If so, the implementation
in AutoClientEnd and ManualClientEnd must be cleaned up.

Change-Id: I961635aaea42c2f847edf11ee77e2961cdfb097b
Issue-ID: POLICY-744
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
---
 PolicyEngineAPI/pom.xml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

(limited to 'PolicyEngineAPI/pom.xml')

diff --git a/PolicyEngineAPI/pom.xml b/PolicyEngineAPI/pom.xml
index 4b1cc4562..ebfab472e 100644
--- a/PolicyEngineAPI/pom.xml
+++ b/PolicyEngineAPI/pom.xml
@@ -60,19 +60,14 @@
 			<version>1.1</version>
 		</dependency>
 		<dependency>
-			<groupId>org.glassfish.tyrus</groupId>
-			<artifactId>tyrus-client</artifactId>
-			<version>1.13</version>
-		</dependency>
-		<dependency>
-			<groupId>org.glassfish.tyrus</groupId>
-			<artifactId>tyrus-container-grizzly-client</artifactId>
-			<version>1.13</version>
+			<groupId>org.java-websocket</groupId>
+			<artifactId>Java-WebSocket</artifactId>
+			<version>1.3.8</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-webmvc</artifactId>
-			<version>4.3.3.RELEASE</version>
+			<version>4.3.15.RELEASE</version>
 		</dependency>
 		<dependency>
 		    <groupId>com.google.code.gson</groupId>
-- 
cgit 1.2.3-korg