authorLo, WEI-TING(wl849v) <wl849v@att.com>2018-03-27 19:24:12 -0400
committerLo, WEI-TING(wl849v) <wl849v@att.com>2018-03-27 19:24:12 -0400
commit03c53c05213f0c01b8b9b03025129b9fbe801384 (patch)
tree13a2cdef602d26bc021112705771ad73f2ba37ac
parent246e8869946e22bd490912d00a23386d47507d2e (diff)
Security Vulnerabilities
Issue-ID: PORTAL-155 Includes Security Vulnerabilities and music jar Change-Id: Id85471555461adf2127db66ed3d4f4a3d5a06fe4 Signed-off-by: Lo, WEI-TING(wl849v) <wl849v@att.com>
-rw-r--r--ecomp-sdk/epsdk-app-common/pom.xml93
-rw-r--r--ecomp-sdk/epsdk-app-os/pom.xml6
-rw-r--r--ecomp-sdk/epsdk-core/pom.xml84
-rw-r--r--ecomp-sdk/epsdk-fw/pom.xml50
-rw-r--r--ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jarbin0 -> 22223316 bytes
-rw-r--r--ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jarbin132593 -> 0 bytes
-rw-r--r--ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml6
-rw-r--r--ecomp-sdk/epsdk-music/pom.xml78
-rw-r--r--ecomp-sdk/pom.xml2
9 files changed, 139 insertions, 180 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index e9eec2ac..6e4f9e19 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -172,6 +172,12 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.json</groupId>
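Review bot: Excluding `lucene-queryparser` from `elasticsearch` 2.2.0 here, while a later hunk in this file also deletes the direct `lucene-queryparser` 7.2.1 dependency, appears to leave no copy of that module on this module's classpath. If any code reaches Elasticsearch classes that parse query strings, the gap would likely show up as a `NoClassDefFoundError` at runtime rather than at build time, so a test that exercises the search path is worth adding. The exclusion also leaves `elasticsearch` itself at 2.2.0, so scanner findings against that artifact are not addressed by this change. Once confirmed, I would put a comment above the `<exclusions>` element such as `<!-- PORTAL-155: lucene-queryparser excluded after vulnerability scan; query-string parsing not used here -->`. The enclosing `<dependency>` opens above the hunk, and the same exclusion is repeated in epsdk-app-os/pom.xml and epsdk-core/pom.xml.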
@@ -245,6 +251,14 @@
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!-- Jacoco for offline instrumentation -->
@@ -254,11 +268,7 @@
<version>${jacoco.version}</version>
<classifier>runtime</classifier>
</dependency>
- <dependency>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- <version>7.2.1</version>
- </dependency>
+
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
@@ -287,68 +297,9 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-scratchpad</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-contrib</artifactId>
- <version>3.5-FINAL</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
+ <version>1.9.3</version>
</dependency>
+
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
@@ -359,5 +310,15 @@
<artifactId>xalan</artifactId>
<version>2.7.2</version>
</dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
</dependencies>
</project>
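Review bot: The pins for `xercesImpl` 2.11.0.SP5 and `commons-collections` 3.2.2 are declared per module (here, and for xerces again in epsdk-core/pom.xml), so they only take effect in modules that repeat them; any other module that receives the older artifacts transitively keeps them. Declaring both versions once in a `<dependencyManagement>` section of the parent ecomp-sdk/pom.xml would override every transitive occurrence and make the hand-written exclusions earlier in this file unnecessary. A short comment stating why each pin exists, for example `<!-- 3.2.2: unsafe functor deserialization disabled by default -->` above the commons-collections entry, would help whoever upgrades these next.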
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index 7bcaec66..ff5ce26b 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -307,6 +307,12 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.json</groupId>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index abaad567..8fd5a6ee 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -319,6 +319,12 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>io.searchbox</groupId>
@@ -351,6 +357,10 @@
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -386,11 +396,6 @@
<classifier>runtime</classifier>
</dependency>
<dependency>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- <version>7.2.1</version>
- </dependency>
- <dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
@@ -418,67 +423,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-scratchpad</artifactId>
- <version>3.17</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-contrib</artifactId>
- <version>3.5-FINAL</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- </exclusions>
+ <version>1.9.3</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
@@ -489,7 +434,12 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.2</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
</dependencies>
</project>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 0cecde97..62600840 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -91,6 +91,22 @@
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
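Review bot: The four exclusions added here (`xercesImpl`, `xalan`, `commons-beanutils-core`, `commons-httpclient`) strip the artifacts from this dependency, but the visible hunks of this pom declare a replacement only for `commons-beanutils` 1.9.3, which is a different artifactId from `commons-beanutils-core`. If the dependency being trimmed, whose opening tag is above the hunk, needs any of the others at runtime, they will either be missing or arrive through another path at an unmanaged version. Running `mvn dependency:tree` on epsdk-fw after the change would show whether the flagged versions are really gone. A comment above the exclusions should record that result together with the reason for each exclusion.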
@@ -98,6 +114,12 @@
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- Test scaffold -->
<dependency>
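Review bot: The `httpclient` exclusion added to what appears to be the `junit` 4.12 test dependency (its groupId line is above the hunk) most likely has no effect, since JUnit 4.12 declares only `hamcrest-core` as a dependency. If a scanner reported `org.apache.httpcomponents:httpclient` in this module, it is arriving through a different dependency. `mvn dependency:tree -Dincludes=org.apache.httpcomponents:httpclient` will show the real path, and the exclusion or version pin belongs on that entry instead.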
@@ -148,18 +170,18 @@
<version>1.0.0.Final</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.10.19</version>
- <scope>test</scope>
- </dependency>
<dependency>
- <groupId>org.jacoco</groupId>
- <artifactId>org.jacoco.agent</artifactId>
- <classifier>runtime</classifier>
- <scope>test</scope>
- <version>${jacoco.version}</version>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jacoco</groupId>
+ <artifactId>org.jacoco.agent</artifactId>
+ <classifier>runtime</classifier>
+ <scope>test</scope>
+ <version>${jacoco.version}</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
@@ -167,9 +189,9 @@
<version>1.3.3</version>
</dependency>
<dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.3</version>
</dependency>
</dependencies>
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar
new file mode 100644
index 00000000..c87ed1c4
--- /dev/null
+++ b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4.1/core-2.4.4.1.jar
Binary files differ
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar
deleted file mode 100644
index c2dd2dba..00000000
--- a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/2.4.4/core-2.4.4.jar
+++ /dev/null
Binary files differ
diff --git a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
index 01c2b2bf..9e953565 100644
--- a/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
+++ b/ecomp-sdk/epsdk-music/dependencies/org/onap/music/core/maven-metadata-local.xml
@@ -3,10 +3,10 @@
<groupId>org.onap.music</groupId>
<artifactId>core</artifactId>
<versioning>
- <release>2.4.4</release>
+ <release>2.4.4.1</release>
<versions>
- <version>2.4.4</version>
+ <version>2.4.4.1</version>
</versions>
- <lastUpdated>20180302203455</lastUpdated>
+ <lastUpdated>20180302703455</lastUpdated>
</versioning>
</metadata>
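Review bot: The new `<lastUpdated>` value `20180302703455` is not a valid `yyyyMMddHHmmss` timestamp, because the hour field reads 70; it looks hand-edited from the previous `20180302203455`. The value should be the actual time the 2.4.4.1 jar was installed, and regenerating the metadata with `mvn install:install-file` is safer than editing the file by hand.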
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index 3b188176..2c2a7e1b 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -7,7 +7,7 @@
<artifactId>epsdk-project</artifactId>
<version>2.2.0-SNAPSHOT</version>
</parent>
-
+
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-music</artifactId>
<version>2.2.0-SNAPSHOT</version>
@@ -18,7 +18,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <springframework.version>4.2.0.RELEASE</springframework.version>
+ <springframework.version>4.2.3.RELEASE</springframework.version>
<jersey1.version>1.19.4</jersey1.version>
<jaxrs.version>2.0.1</jaxrs.version>
<cassandra.version>3.0.0</cassandra.version>
@@ -108,35 +108,45 @@
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
<version>1.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- Music -->
<dependency>
<groupId>org.onap.music</groupId>
<artifactId>core</artifactId>
- <version>2.4.4</version>
- </dependency>
- <dependency>
+ <version>2.4.4.1</version>
+ </dependency>
+ <!-- <dependency>
<groupId>org.onap.music</groupId>
<artifactId>dependency</artifactId>
<version>2.4.4</version>
- </dependency>
+ </dependency> -->
<!-- Mapper -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
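Review bot: Switching `org.onap.music:core` to 2.4.4.1 while commenting out the `org.onap.music:dependency` artifact coincides with the checked-in jar growing from 132593 to 22223316 bytes in the diffstat, which suggests the new jar bundles its third-party dependencies. Classes packed into a binary committed to the repository sit outside Maven's resolution, so the exclusions and version pins made elsewhere in this commit cannot replace them, and scanners that read the pom will not report them. I would prefer consuming `core` from the project's Nexus with its own pom, or at least recording the jar's origin and checksum next to it. The commented-out block should be deleted rather than left in the file, with a one-line reason such as `<!-- org.onap.music:dependency dropped: bundled in core 2.4.4.1 -->` if that is indeed the case.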
@@ -148,6 +158,16 @@
<artifactId>json</artifactId>
<version>20160212</version>
</dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.3</version>
+ </dependency>
</dependencies>
<profiles>
<!-- disable doclint, a new feature in Java 8, when generating javadoc -->
@@ -186,26 +206,26 @@
</configuration>
</plugin>
<plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <archive>
- <manifest>
- </manifest>
- </archive>
- <descriptorRefs>
- <descriptorRef>jar-with-dependencies</descriptorRef>
- </descriptorRefs>
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifest>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index 8ae56339..e3db8a97 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -32,7 +32,7 @@
<properties>
<encoding>UTF-8</encoding>
- <springframework.version>4.2.2.RELEASE</springframework.version>
+ <springframework.version>4.2.3.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<skiptests>false</skiptests>
<nexusproxy>https://nexus.onap.org</nexusproxy>