diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-18 14:43:07 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-18 14:43:22 +0200 |
commit | eae3e8b357d96bff29ce0b3086aed388754feaf2 (patch) | |
tree | 0936b9fbbda709a0f8633499b5be0c247aeadd93 | |
parent | d98d4c9f564428ee9edd398675b27226645d7ef5 (diff) |
Security Vulnerability in pom.xml fix
Security Vulnerability in pom.xml fix
Issue-ID: PORTAL-772
Change-Id: I6b0932122b101411b06d371e757918875529b87d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r-- | ecomp-sdk/epsdk-aaf/pom.xml | 4 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-analytics/pom.xml | 4 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java | 3 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-common/pom.xml | 14 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java | 4 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/pom.xml | 8 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-core/pom.xml | 20 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-domain/pom.xml | 2 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-fw/pom.xml | 6 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-logger/pom.xml | 2 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-music/pom.xml | 2 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-workflow/pom.xml | 4 |
12 files changed, 36 insertions, 37 deletions
diff --git a/ecomp-sdk/epsdk-aaf/pom.xml b/ecomp-sdk/epsdk-aaf/pom.xml index 9d10e9bb..036b5e4a 100644 --- a/ecomp-sdk/epsdk-aaf/pom.xml +++ b/ecomp-sdk/epsdk-aaf/pom.xml @@ -19,7 +19,7 @@ <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <springframework.version>4.2.0.RELEASE</springframework.version> + <springframework.version>4.3.20.RELEASE</springframework.version> </properties> <dependencies> <!-- internal --> @@ -108,7 +108,7 @@ <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> - <version>1.3.0.RELEASE</version> + <version>1.3.1.RELEASE</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml index dcffc4ce..26821ded 100644 --- a/ecomp-sdk/epsdk-analytics/pom.xml +++ b/ecomp-sdk/epsdk-analytics/pom.xml @@ -45,7 +45,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.10</version> + <version>2.8.11.4</version> </dependency> <!-- Raptor required Libraries --> <!-- for static charts --> @@ -146,7 +146,7 @@ <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-scratchpad</artifactId> - <version>3.14</version> + <version>3.17</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java index 67acdf9e..d528dc6d 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java @@ -45,7 +45,6 @@ import java.sql.SQLException; import java.sql.Statement; import java.sql.Types; import javax.sql.DataSource; -import org.apache.commons.lang3.StringUtils; import org.onap.portalsdk.analytics.error.RaptorException; import org.onap.portalsdk.analytics.error.ReportSQLException; import org.onap.portalsdk.analytics.model.runtime.ReportRuntime; @@ -213,7 +212,7 @@ public class DbUtils { try (final Connection con = getConnection();) { if (con != null) { try (final PreparedStatement preparedStatement = con.prepareStatement(sql);) { - if (StringUtils.isNotBlank(reportID)) { + if (!reportID.isEmpty()) { preparedStatement.setString(1, reportID); preparedStatement.setString(2, reportName); } else { diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml index 473c942a..2d0bf371 100644 --- a/ecomp-sdk/epsdk-app-common/pom.xml +++ b/ecomp-sdk/epsdk-app-common/pom.xml @@ -128,7 +128,7 @@ <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <version>1.0.0</version> + <version>1.0.0-oss</version> </dependency> <!-- Mapper --> <dependency> @@ -149,12 +149,12 @@ <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> - <version>0.9.5.3</version> + <version>0.9.5.4</version> </dependency> <dependency> <groupId>io.searchbox</groupId> <artifactId>jest</artifactId> - <version>2.0.0</version> + <version>5.3.4</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -176,7 +176,7 @@ <dependency> <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch</artifactId> - <version>7.1.1</version> + <version>7.2.1</version> <exclusions> <exclusion> <groupId>org.apache.lucene</groupId> @@ -246,7 +246,7 @@ <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> - <version>2.1.0.1</version> + <version>2.2.0.0</version> <exclusions> <exclusion> <groupId>commons-beanutils</groupId> @@ -346,7 +346,7 @@ <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> - <version>1.9.3</version> + <version>1.9.4</version> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> @@ -361,7 +361,7 @@ <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> - <version>2.11.0.SP5</version> + <version>2.12.0</version> </dependency> <dependency> <groupId>commons-collections</groupId> diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java index 69807a1c..c964712d 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java @@ -43,8 +43,8 @@ import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; import java.util.regex.Pattern; import org.apache.commons.lang.NotImplementedException; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import org.apache.commons.lang3.StringEscapeUtils; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.util.SystemProperties; import org.owasp.esapi.ESAPI; @@ -132,7 +132,7 @@ public class SecurityXssValidator { if (StringUtils.isNotBlank(value)) { - value = StringEscapeUtils.escapeHtml4(value); + value = StringEscapeUtils.escapeHtml(value); value = ESAPI.encoder().canonicalize(value); diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml index cfdcb244..52690916 100644 --- a/ecomp-sdk/epsdk-app-os/pom.xml +++ b/ecomp-sdk/epsdk-app-os/pom.xml @@ -423,7 +423,7 @@ <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <version>1.0.0</version> + <version>1.0.0-oss</version> </dependency> <!-- Mapper --> <dependency> @@ -444,12 +444,12 @@ <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> - <version>0.9.5.2</version> + <version>0.9.5.4</version> </dependency> <dependency> <groupId>io.searchbox</groupId> <artifactId>jest</artifactId> - <version>2.0.0</version> + <version>5.3.2</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -471,7 +471,7 @@ <dependency> <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch</artifactId> - <version>2.2.0</version> + <version>6.8.2</version> <exclusions> <exclusion> <groupId>org.apache.lucene</groupId> diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml index be08cc3e..565867dd 100644 --- a/ecomp-sdk/epsdk-core/pom.xml +++ b/ecomp-sdk/epsdk-core/pom.xml @@ -185,7 +185,7 @@ <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-validator</artifactId> - <version>5.1.3.Final</version> + <version>5.2.1.Final</version> </dependency> <!-- Servlet+JSP+JSTL --> <dependency> @@ -228,7 +228,7 @@ <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> - <version>0.9.5.3</version> + <version>0.9.5.4</version> </dependency> <!-- Apache Tiles --> <dependency> @@ -261,7 +261,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.10</version> + <version>2.8.11.4</version> </dependency> <!-- Use Mariadb connector --> <dependency> @@ -285,7 +285,7 @@ <dependency> <groupId>org.apache.tomcat</groupId> <artifactId>tomcat-websocket</artifactId> - <version>8.0.28</version> + <version>8.0.52</version> <scope>provided</scope> </dependency> @@ -344,7 +344,7 @@ <dependency> <groupId>org.elasticsearch</groupId> <artifactId>elasticsearch</artifactId> - <version>2.2.0</version> + <version>6.8.2</version> <exclusions> <exclusion> <groupId>org.apache.lucene</groupId> @@ -355,7 +355,7 @@ <dependency> <groupId>io.searchbox</groupId> <artifactId>jest</artifactId> - <version>2.0.0</version> + <version>5.3.2</version> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -367,13 +367,13 @@ <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <version>1.0.0</version> + <version>1.0.0-oss</version> </dependency> <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> - <version>2.1.0.1</version> + <version>2.2.0.0</version> <exclusions> <exclusion> <groupId>commons-beanutils</groupId> @@ -434,7 +434,7 @@ <dependency> <groupId>com.thoughtworks.xstream</groupId> <artifactId>xstream</artifactId> - <version>1.4.10</version> + <version>1.4.11</version> </dependency> <dependency> <groupId>org.apache.wicket</groupId> @@ -459,7 +459,7 @@ <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> - <version>1.9.2</version> + <version>1.9.4</version> </dependency> <dependency> <groupId>org.apache.poi</groupId> diff --git a/ecomp-sdk/epsdk-domain/pom.xml b/ecomp-sdk/epsdk-domain/pom.xml index 327e51de..f1b554e3 100644 --- a/ecomp-sdk/epsdk-domain/pom.xml +++ b/ecomp-sdk/epsdk-domain/pom.xml @@ -33,7 +33,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.10</version> + <version>2.8.11.4</version> </dependency> <dependency> <groupId>org.mockito</groupId> diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml index 6c2b283c..1c29ceab 100644 --- a/ecomp-sdk/epsdk-fw/pom.xml +++ b/ecomp-sdk/epsdk-fw/pom.xml @@ -17,7 +17,7 @@ <!-- properties are inherited from parent --> <properties> - <resteasy.version>3.0.18.Final</resteasy.version> + <resteasy.version>3.1.0.Final</resteasy.version> <powermock.version>1.7.4</powermock.version> </properties> <!-- repositories are inherited from parent --> @@ -108,12 +108,12 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.10</version> + <version>2.8.11.3</version> </dependency> <dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> - <version>2.1.0.1</version> + <version>2.2.0.0</version> <exclusions> <exclusion> <groupId>log4j</groupId> diff --git a/ecomp-sdk/epsdk-logger/pom.xml b/ecomp-sdk/epsdk-logger/pom.xml index 3f0f7df0..b7e0b644 100644 --- a/ecomp-sdk/epsdk-logger/pom.xml +++ b/ecomp-sdk/epsdk-logger/pom.xml @@ -17,7 +17,7 @@ <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <version>1.0.0</version> + <version>1.0.0-oss</version> </dependency> <dependency> <groupId>javax.servlet</groupId> diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml index 5c442a91..cfbc41c1 100644 --- a/ecomp-sdk/epsdk-music/pom.xml +++ b/ecomp-sdk/epsdk-music/pom.xml @@ -18,7 +18,7 @@ <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <springframework.version>4.2.3.RELEASE</springframework.version> + <springframework.version>4.3.20.RELEASE</springframework.version> <jersey1.version>1.19.4</jersey1.version> <jaxrs.version>2.0.1</jaxrs.version> <cassandra.version>3.0.0</cassandra.version> diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml index 707e1fb1..f08b65f8 100644 --- a/ecomp-sdk/epsdk-workflow/pom.xml +++ b/ecomp-sdk/epsdk-workflow/pom.xml @@ -40,7 +40,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.8.10</version> + <version>2.8.11.4</version> </dependency> <dependency> <groupId>javax.servlet</groupId> @@ -55,7 +55,7 @@ <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-validator</artifactId> - <version>5.1.3.Final</version> + <version>5.2.1.Final</version> </dependency> <dependency> <groupId>org.json</groupId> |