author | Lo, WEI-TING(wl849v) <wl849v@att.com> | 2018-03-27 19:24:12 -0400 |
---|---|---|
committer | Lo, WEI-TING(wl849v) <wl849v@att.com> | 2018-03-27 19:24:12 -0400 |
commit | 03c53c05213f0c01b8b9b03025129b9fbe801384 (patch) | |
tree | 13a2cdef602d26bc021112705771ad73f2ba37ac | |
parent | 246e8869946e22bd490912d00a23386d47507d2e (diff) |
Security Vulnerabilities
Issue-ID: PORTAL-155
Includes security vulnerability fixes and the music jar
Change-Id: Id85471555461adf2127db66ed3d4f4a3d5a06fe4
Signed-off-by: Lo, WEI-TING(wl849v) <wl849v@att.com>
-rw-r--r-- | ecomp-sdk/epsdk-app-common/pom.xml | 93 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/pom.xml | 6 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-core/pom.xml | 84 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-fw/pom.xml | 50 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar | bin | 0 -> 22223316 bytes | |||
-rw-r--r-- | ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar | bin | 132593 -> 0 bytes | |||
-rw-r--r-- | ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml | 6 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-music/pom.xml | 78 | ||||
-rw-r--r-- | ecomp-sdk/pom.xml | 2 |
9 files changed, 139 insertions, 180 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index e9eec2ac..6e4f9e19 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -172,6 +172,12 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.json</groupId>
@@ -245,6 +251,14 @@
 <groupId>commons-httpclient</groupId>
 <artifactId>commons-httpclient</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <!-- Jacoco for offline instrumentation -->
@@ -254,11 +268,7 @@
 <version>${jacoco.version}</version>
 <classifier>runtime</classifier>
 </dependency>
- <dependency>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- <version>7.2.1</version>
- </dependency>
+
 <dependency>
 <groupId>com.thoughtworks.xstream</groupId>
 <artifactId>xstream</artifactId>
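Review bot: The `lucene-queryparser` exclusion added under `org.elasticsearch:elasticsearch:2.2.0` in the first hunk, combined with the removal of the explicit `lucene-queryparser` 7.2.1 dependency in the third hunk, appears to leave this module with no query parser jar on the classpath. Elasticsearch 2.x core references Lucene's classic query parser, so any in-process code path that parses query strings may now fail with `NoClassDefFoundError` at runtime instead of at build time; an integration test or `mvn dependency:tree` should confirm nothing else supplies it. The exclusion also leaves `elasticsearch` itself pinned at 2.2.0, so it clears the scanner finding for one transitive jar without upgrading the component that requested it. The same exclusion is repeated in `epsdk-app-os/pom.xml` and `epsdk-core/pom.xml`; a comment above each, such as `<!-- PORTAL-155: lucene-queryparser excluded; valid only while no query-string parsing runs in-process -->`, would record the assumption.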
@@ -287,68 +297,9 @@
 <dependency>
 <groupId>commons-beanutils</groupId>
 <artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-scratchpad</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-contrib</artifactId>
- <version>3.5-FINAL</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
+ <version>1.9.3</version>
 </dependency>
+
 <dependency>
 <groupId>org.apache.httpcomponents</groupId>
 <artifactId>httpclient</artifactId>
@@ -359,5 +310,15 @@
 <artifactId>xalan</artifactId>
 <version>2.7.2</version>
 </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
 </dependencies>
 </project>
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index 7bcaec66..ff5ce26b 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -307,6 +307,12 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.json</groupId>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index abaad567..8fd5a6ee 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -319,6 +319,12 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>io.searchbox</groupId>
@@ -351,6 +357,10 @@
 <groupId>commons-httpclient</groupId>
 <artifactId>commons-httpclient</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
@@ -386,11 +396,6 @@
 <classifier>runtime</classifier>
 </dependency>
 <dependency>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- <version>7.2.1</version>
- </dependency>
- <dependency>
 <groupId>com.thoughtworks.xstream</groupId>
 <artifactId>xstream</artifactId>
 <version>1.4.10</version>
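Review bot: `commons-collections` is excluded and re-pinned to 3.2.2 only in `epsdk-app-common`; the corresponding `epsdk-core` hunks exclude and re-pin `xercesImpl` but not `commons-collections`, so `epsdk-core` may still resolve whatever older version its transitive dependencies request. A direct declaration already wins Maven's version mediation, so the per-dependency exclusions add nothing in a module that re-declares the jar, and a module that does not re-declare it gets no pin at all. Pinning `xerces:xercesImpl` and `commons-collections:commons-collections` once in a `<dependencyManagement>` section of `ecomp-sdk/pom.xml` would apply the fixed versions to every module and every transitive path. The dependency that carries the new exclusions begins above the hunk, so which artifact requests these jars is not visible here.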
@@ -418,67 +423,7 @@
 <dependency>
 <groupId>commons-beanutils</groupId>
 <artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-scratchpad</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-contrib</artifactId>
- <version>3.5-FINAL</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
+ <version>1.9.3</version>
 </dependency>
 <dependency>
 <groupId>org.apache.httpcomponents</groupId>
@@ -489,7 +434,12 @@
 <groupId>xalan</groupId>
 <artifactId>xalan</artifactId>
 <version>2.7.2</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
 </dependencies>
 </project>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 0cecde97..62600840 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -91,6 +91,22 @@
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -98,6 +114,12 @@
 <artifactId>junit</artifactId>
 <version>4.12</version>
 <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <!-- Test scaffold -->
 <dependency>
@@ -148,18 +170,18 @@
 <version>1.0.0.Final</version>
 <scope>test</scope>
 </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.10.19</version>
- <scope>test</scope>
- </dependency>
 <dependency>
- <groupId>org.jacoco</groupId>
- <artifactId>org.jacoco.agent</artifactId>
- <classifier>runtime</classifier>
- <scope>test</scope>
- <version>${jacoco.version}</version>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jacoco</groupId>
+ <artifactId>org.jacoco.agent</artifactId>
+ <classifier>runtime</classifier>
+ <scope>test</scope>
+ <version>${jacoco.version}</version>
 </dependency>
 <dependency>
 <groupId>commons-fileupload</groupId>
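Review bot: The `httpclient` exclusion added in the second hunk sits under `junit:junit:4.12`, whose only declared dependency is `hamcrest-core`, so it excludes nothing. If a scanner flagged `org.apache.httpcomponents:httpclient` in this module, the exclusion belongs on the dependency that actually requests it, which `mvn dependency:tree -Dincludes=org.apache.httpcomponents:httpclient` will show. JUnit is also declared with `test` scope here, so an exclusion on it could not change what ships in the packaged artifact in any case.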
@@ -167,9 +189,9 @@
 <version>1.3.3</version>
 </dependency>
 <dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.3</version>
 </dependency>
 </dependencies>
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar
Binary files differ
new file mode 100644
index 00000000..c87ed1c4
--- /dev/null
+++ b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar
Binary files differ
deleted file mode 100644
index c2dd2dba..00000000
--- a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar
+++ /dev/null
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
index 01c2b2bf..9e953565 100644
--- a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
+++ b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
@@ -3,10 +3,10 @@
 <groupId>org.onap.music</groupId>
 <artifactId>core</artifactId>
 <versioning>
- <release>2.4.4</release>
+ <release>2.4.4.1</release>
 <versions>
- <version>2.4.4</version>
+ <version>2.4.4.1</version>
 </versions>
- <lastUpdated>20180302203455</lastUpdated>
+ <lastUpdated>20180302703455</lastUpdated>
 </versioning>
 </metadata>
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index 3b188176..2c2a7e1b 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -7,7 +7,7 @@
 <artifactId>epsdk-project</artifactId>
 <version>2.2.0-SNAPSHOT</version>
 </parent>
-
+
 <groupId>org.onap.portal.sdk</groupId>
 <artifactId>epsdk-music</artifactId>
 <version>2.2.0-SNAPSHOT</version>
@@ -18,7 +18,7 @@
 <properties>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <springframework.version>4.2.0.RELEASE</springframework.version>
+ <springframework.version>4.2.3.RELEASE</springframework.version>
 <jersey1.version>1.19.4</jersey1.version>
 <jaxrs.version>2.0.1</jaxrs.version>
 <cassandra.version>3.0.0</cassandra.version>
@@ -108,35 +108,45 @@
 <groupId>com.att.eelf</groupId>
 <artifactId>eelf-core</artifactId>
 <version>1.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <!-- Music -->
 <dependency>
 <groupId>org.onap.music</groupId>
 <artifactId>core</artifactId>
- <version>2.4.4</version>
- </dependency>
- <dependency>
+ <version>2.4.4.1</version>
+ </dependency>
+ <!-- <dependency>
 <groupId>org.onap.music</groupId>
 <artifactId>dependency</artifactId>
 <version>2.4.4</version>
- </dependency>
+ </dependency> -->
 <!-- Mapper -->
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-annotations</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-databind</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <dependency>
 <groupId>org.springframework.session</groupId>
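Review bot: In the third hunk `org.onap.music:core` now points at 2.4.4.1, which this commit supplies as a checked-in binary that grows from 132593 to 22223316 bytes in the diffstat while the separate `org.onap.music:dependency` artifact is commented out, which suggests the new jar bundles its third-party dependencies. Classes packed inside a jar bypass Maven resolution, so none of the exclusions or version pins added elsewhere in this commit apply to them, and scanners that work from pom coordinates will not report them. Prefer resolving the artifact with its published pom from the project's Nexus (`<nexusproxy>` in `ecomp-sdk/pom.xml`), or at least record the jar's checksum and bundled component list next to it. The commented-out `<dependency>` block should be deleted rather than left in the pom, and the edited `<lastUpdated>20180302703455</lastUpdated>` in `maven-metadata-local.xml` is not a valid `yyyyMMddHHmmss` value (hour 70).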
@@ -148,6 +158,16 @@
 <artifactId>json</artifactId>
 <version>20160212</version>
 </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.3</version>
+ </dependency>
 </dependencies>
 <profiles>
 <!-- disable doclint, a new feature in Java 8, when generating javadoc -->
@@ -186,26 +206,26 @@
 </configuration>
 </plugin>
 <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <archive>
- <manifest>
- </manifest>
- </archive>
- <descriptorRefs>
- <descriptorRef>jar-with-dependencies</descriptorRef>
- </descriptorRefs>
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifest>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
 </plugins>
 </build>
 </project>
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index 8ae56339..e3db8a97 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -32,7 +32,7 @@
 <properties>
 <encoding>UTF-8</encoding>
- <springframework.version>4.2.2.RELEASE</springframework.version>
+ <springframework.version>4.2.3.RELEASE</springframework.version>
 <hibernate.version>4.3.11.Final</hibernate.version>
 <skiptests>false</skiptests>
 <nexusproxy>https://nexus.onap.org</nexusproxy> |