diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-24 15:03:21 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-24 15:59:39 +0200 |
commit | 224909a83ab3ae70596e8aaa4a89097576ff4b2c (patch) | |
tree | d77cd36a0e25f3d5b4b31cf4b6b1ce1ad84c70de | |
parent | 2bd26995f7ac5a0c1f19c1ca0ab1f5f0b50ea5c2 (diff) |
Security Vulnerability in pom.xml fix
com.att.eelf:eelf-core@1.0.0 -> 1.0.1-oss
org.hibernate:hibernate-validator@5.1.3.Final -> 6.0.17.Final
org.apache.cxf:cxf-rt-rs-client@3.0.0-milestone1 -> 3.3.3
com.fasterxml.jackson.core:jackson-databind@2.8.10 -> 2.8.11.4
org.elasticsearch:elasticsearch@2.2.0 -> 7.4.1
org.apache.tomcat:tomcat-websocket@8.0.28 -> 9.0.27
org.apache.poi:poi@3.15 -> 4.1.1
org.apache.poi:poi-scratchpad@3.5-FINAL -> 4.1.1
org.quartz-scheduler:quartz@2.2.1 -> 2.3.1
org.bouncycastle:bcprov-jdk15on@1.59 -> 1.64
commons-beanutils:commons-beanutils@1.9.3 -> 1.9.4
com.orbitz.consul:consul-client@0.13.8 -> 1.3.9
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider@2.8.10 -> 2.10.0
org.glassfish:javax.el@2.2.6 -> 3.0.0
javax.el:javax.el-api@2.2.1.b04 -> 3.0.0
org.glassfish.jersey.connectors:jersey-jetty-connector@2.23.1 -> 2.29.1
org.owasp.esapi:esapi@2.1.0.1 -> 2.2.0.0
com.thoughtworks.xstream:xstream@1.4.10 -> 1.4.11.1
com.alibaba:fastjson@1.2.7 -> 1.2.62
Issue-ID: PORTAL-439
Change-Id: Iad0c81e47386dfbc675470cc786c764ff93998a7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r-- | ecomp-portal-BE-common/pom.xml | 42 | ||||
-rw-r--r-- | pom.xml | 3 |
2 files changed, 22 insertions, 23 deletions
diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml index 1a04c40d..070ee05c 100644 --- a/ecomp-portal-BE-common/pom.xml +++ b/ecomp-portal-BE-common/pom.xml @@ -136,7 +136,7 @@ <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <version>1.0.0-oss</version> + <version>1.0.1-oss</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> @@ -204,7 +204,7 @@ <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-validator</artifactId> - <version>5.2.5.Final</version> + <version>6.0.17.Final</version> </dependency> <!-- hibernate-core depends on dom4j, which has optional dependencies. On jenkins, contrary to doc, mvn 3.0.5 packages the optional dependencies @@ -284,23 +284,23 @@ <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-rs-client</artifactId> - <version>3.1.16</version> + <version>3.3.3</version> </dependency> <!-- Mapper --> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> - <version>${fasterxml.version}</version> + <version>2.8.10</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> - <version>${fasterxml.version}</version> + <version>2.8.10</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${fasterxml.version}</version> + <version>2.8.11.4</version> </dependency> <dependency> <groupId>postgresql</groupId> @@ -311,7 +311,7 @@ <dependency> <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch</artifactId> - <version>6.8.2</version> + <version>7.4.1</version> <exclusions> <exclusion> <groupId>org.apache.lucene</groupId> @@ -338,7 +338,7 @@ <dependency> <groupId>org.apache.tomcat</groupId> <artifactId>tomcat-websocket</artifactId> - <version>8.0.52</version> + <version>9.0.27</version> <scope>provided</scope> </dependency> <dependency> @@ -361,7 +361,7 @@ <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi</artifactId> - <version>3.17</version> + <version>4.1.1</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -391,7 +391,7 @@ <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-scratchpad</artifactId> - <version>3.17</version> + <version>4.1.1</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -422,7 +422,7 @@ <dependency> <groupId>org.quartz-scheduler</groupId> <artifactId>quartz</artifactId> - <version>2.2.1</version> + <version>2.3.1</version> <exclusions> <!-- SDK brings a new version of c3p0 --> <exclusion> @@ -434,7 +434,7 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> - <version>1.60</version> + <version>1.64</version> </dependency> <dependency> <groupId>commons-codec</groupId> @@ -572,7 +572,7 @@ <dependency> <groupId>com.orbitz.consul</groupId> <artifactId>consul-client</artifactId> - <version>1.3.6</version> + <version>1.3.9</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> @@ -605,17 +605,17 @@ <artifactId>jackson-jaxrs-json-provider</artifactId> <version>2.10.0</version> </dependency> - <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el --> + <!-- https://mvnrepository.com/artifact/org.glassfish/javax.el --> <dependency> - <groupId>org.glassfish.web</groupId> + <groupId>org.glassfish</groupId> <artifactId>javax.el</artifactId> - <version>2.2.6</version> + <version>3.0.0</version> </dependency> <!-- https://mvnrepository.com/artifact/javax.el/el-api --> <dependency> <groupId>javax.el</groupId> - <artifactId>el-api</artifactId> - <version>2.2.1-b04</version> + <artifactId>javax.el-api</artifactId> + <version>3.0.0</version> </dependency> <!-- https://mvnrepository.com/artifact/org.jsoup/jsoup --> <dependency> @@ -626,7 +626,7 @@ <dependency> <groupId>org.glassfish.jersey.connectors</groupId> <artifactId>jersey-jetty-connector</artifactId> - <version>2.28</version> + <version>2.29.1</version> </dependency> <!-- Jacoco for offline instrumentation --> <dependency> @@ -672,7 +672,7 @@ <dependency> <groupId>com.thoughtworks.xstream</groupId> <artifactId>xstream</artifactId> - <version>1.4.11</version> + <version>1.4.11.1</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> @@ -752,7 +752,7 @@ <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> - <version>1.2.25</version> + <version>1.2.62</version> </dependency> </dependencies> @@ -32,8 +32,7 @@ <springframework.version>4.3.24.RELEASE</springframework.version> <springframework.security.version>4.2.13.RELEASE</springframework.security.version> <hibernate.version>4.3.11.Final</hibernate.version> - <fasterxml.version>2.8.10</fasterxml.version> - <eelf.version>1.0.0</eelf.version> + <fasterxml.version>2.8.11.4</fasterxml.version> <!-- NOT provided by OParent, unfortunately --> <jacocoVersion>0.7.6.201602180812</jacocoVersion> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> |