authorDominik Mizyn <d.mizyn@samsung.com>2019-10-18 14:43:07 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-10-18 14:43:22 +0200
commiteae3e8b357d96bff29ce0b3086aed388754feaf2 (patch)
tree0936b9fbbda709a0f8633499b5be0c247aeadd93
parentd98d4c9f564428ee9edd398675b27226645d7ef5 (diff)
Security Vulnerability in pom.xml fix
Security Vulnerability in pom.xml fix Issue-ID: PORTAL-772 Change-Id: I6b0932122b101411b06d371e757918875529b87d Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r--ecomp-sdk/epsdk-aaf/pom.xml4
-rw-r--r--ecomp-sdk/epsdk-analytics/pom.xml4
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java3
-rw-r--r--ecomp-sdk/epsdk-app-common/pom.xml14
-rw-r--r--ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java4
-rw-r--r--ecomp-sdk/epsdk-app-os/pom.xml8
-rw-r--r--ecomp-sdk/epsdk-core/pom.xml20
-rw-r--r--ecomp-sdk/epsdk-domain/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-fw/pom.xml6
-rw-r--r--ecomp-sdk/epsdk-logger/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-music/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-workflow/pom.xml4
12 files changed, 36 insertions, 37 deletions
diff --git a/ecomp-sdk/epsdk-aaf/pom.xml b/ecomp-sdk/epsdk-aaf/pom.xml
index 9d10e9bb..036b5e4a 100644
--- a/ecomp-sdk/epsdk-aaf/pom.xml
+++ b/ecomp-sdk/epsdk-aaf/pom.xml
@@ -19,7 +19,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <springframework.version>4.2.0.RELEASE</springframework.version>
+ <springframework.version>4.3.20.RELEASE</springframework.version>
</properties>
<dependencies>
<!-- internal -->
@@ -108,7 +108,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
- <version>1.3.0.RELEASE</version>
+ <version>1.3.1.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml
index dcffc4ce..26821ded 100644
--- a/ecomp-sdk/epsdk-analytics/pom.xml
+++ b/ecomp-sdk/epsdk-analytics/pom.xml
@@ -45,7 +45,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.8.10</version>
+ <version>2.8.11.4</version>
</dependency>
<!-- Raptor required Libraries -->
<!-- for static charts -->
@@ -146,7 +146,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-scratchpad</artifactId>
- <version>3.14</version>
+ <version>3.17</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
index 67acdf9e..d528dc6d 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
@@ -45,7 +45,6 @@ import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Types;
import javax.sql.DataSource;
-import org.apache.commons.lang3.StringUtils;
import org.onap.portalsdk.analytics.error.RaptorException;
import org.onap.portalsdk.analytics.error.ReportSQLException;
import org.onap.portalsdk.analytics.model.runtime.ReportRuntime;
@@ -213,7 +212,7 @@ public class DbUtils {
try (final Connection con = getConnection();) {
if (con != null) {
try (final PreparedStatement preparedStatement = con.prepareStatement(sql);) {
- if (StringUtils.isNotBlank(reportID)) {
+ if (!reportID.isEmpty()) {
preparedStatement.setString(1, reportID);
preparedStatement.setString(2, reportName);
} else {
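Review bot: `!reportID.isEmpty()` throws a NullPointerException when `reportID` is null and treats a whitespace-only id as present, both of which the removed `StringUtils.isNotBlank(reportID)` handled; in this hunk that condition decides which parameters are bound on the prepared statement. If the commons-lang3 import has to go, keep the old semantics with `if (reportID != null && !reportID.trim().isEmpty()) {`. Whether callers can pass null is not visible here, and the enclosing method starts and ends outside the hunk.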
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 473c942a..2d0bf371 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -128,7 +128,7 @@
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0</version>
+ <version>1.0.0-oss</version>
</dependency>
<!-- Mapper -->
<dependency>
@@ -149,12 +149,12 @@
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
- <version>0.9.5.3</version>
+ <version>0.9.5.4</version>
</dependency>
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
- <version>2.0.0</version>
+ <version>5.3.4</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -176,7 +176,7 @@
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
- <version>7.1.1</version>
+ <version>7.2.1</version>
<exclusions>
<exclusion>
<groupId>org.apache.lucene</groupId>
@@ -246,7 +246,7 @@
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>2.2.0.0</version>
<exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
@@ -346,7 +346,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.3</version>
+ <version>1.9.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
@@ -361,7 +361,7 @@
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
+ <version>2.12.0</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
index 69807a1c..c964712d 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
@@ -43,8 +43,8 @@ import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
import org.owasp.esapi.ESAPI;
@@ -132,7 +132,7 @@ public class SecurityXssValidator {
if (StringUtils.isNotBlank(value)) {
- value = StringEscapeUtils.escapeHtml4(value);
+ value = StringEscapeUtils.escapeHtml(value);
value = ESAPI.encoder().canonicalize(value);
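Review bot: Replacing lang3 `escapeHtml4` with commons-lang 2.x `escapeHtml` on the changed line (and in the import hunk above it) is not a pure rename: the 2.x method also rewrites every character above 0x7F as a numeric entity, so non-ASCII input is encoded differently than before, and neither method escapes the single quote. It also moves an XSS filter onto the commons-lang 2.x line, which has had no releases for years, in a commit meant to reduce vulnerable dependencies. I would keep `import org.apache.commons.lang3.StringEscapeUtils;` with `escapeHtml4(value)`, or at least add a comment such as `// commons-lang 2.x escapeHtml: encodes chars > 0x7F numerically, does not escape '` and a test with quoted and non-ASCII input. The next context line calls `ESAPI.encoder().canonicalize(value)`, which with ESAPI's default codecs appears to decode HTML entities again, so the order of the two calls deserves a check; the method body continues outside the hunk.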
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index cfdcb244..52690916 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -423,7 +423,7 @@
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0</version>
+ <version>1.0.0-oss</version>
</dependency>
<!-- Mapper -->
<dependency>
@@ -444,12 +444,12 @@
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
- <version>0.9.5.2</version>
+ <version>0.9.5.4</version>
</dependency>
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
- <version>2.0.0</version>
+ <version>5.3.2</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -471,7 +471,7 @@
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
- <version>2.2.0</version>
+ <version>6.8.2</version>
<exclusions>
<exclusion>
<groupId>org.apache.lucene</groupId>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index be08cc3e..565867dd 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -185,7 +185,7 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
- <version>5.1.3.Final</version>
+ <version>5.2.1.Final</version>
</dependency>
<!-- Servlet+JSP+JSTL -->
<dependency>
@@ -228,7 +228,7 @@
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
- <version>0.9.5.3</version>
+ <version>0.9.5.4</version>
</dependency>
<!-- Apache Tiles -->
<dependency>
@@ -261,7 +261,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.8.10</version>
+ <version>2.8.11.4</version>
</dependency>
<!-- Use Mariadb connector -->
<dependency>
@@ -285,7 +285,7 @@
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-websocket</artifactId>
- <version>8.0.28</version>
+ <version>8.0.52</version>
<scope>provided</scope>
</dependency>
@@ -344,7 +344,7 @@
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
- <version>2.2.0</version>
+ <version>6.8.2</version>
<exclusions>
<exclusion>
<groupId>org.apache.lucene</groupId>
@@ -355,7 +355,7 @@
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
- <version>2.0.0</version>
+ <version>5.3.2</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -367,13 +367,13 @@
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0</version>
+ <version>1.0.0-oss</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>2.2.0.0</version>
<exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
@@ -434,7 +434,7 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.10</version>
+ <version>1.4.11</version>
</dependency>
<dependency>
<groupId>org.apache.wicket</groupId>
@@ -459,7 +459,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
+ <version>1.9.4</version>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
diff --git a/ecomp-sdk/epsdk-domain/pom.xml b/ecomp-sdk/epsdk-domain/pom.xml
index 327e51de..f1b554e3 100644
--- a/ecomp-sdk/epsdk-domain/pom.xml
+++ b/ecomp-sdk/epsdk-domain/pom.xml
@@ -33,7 +33,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.8.10</version>
+ <version>2.8.11.4</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 6c2b283c..1c29ceab 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -17,7 +17,7 @@
<!-- properties are inherited from parent -->
<properties>
- <resteasy.version>3.0.18.Final</resteasy.version>
+ <resteasy.version>3.1.0.Final</resteasy.version>
<powermock.version>1.7.4</powermock.version>
</properties>
<!-- repositories are inherited from parent -->
@@ -108,12 +108,12 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.8.10</version>
+ <version>2.8.11.3</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>2.2.0.0</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
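Review bot: `jackson-databind` is set to `2.8.11.3` in this hunk, while the epsdk-analytics, epsdk-core, epsdk-domain and epsdk-workflow hunks of the same commit use `2.8.11.4`, so epsdk-fw stays one patch level behind the rest. Unless something in this module requires the older build, use `<version>2.8.11.4</version>` here as well. A single version property in the parent pom would keep the modules from drifting apart again.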
diff --git a/ecomp-sdk/epsdk-logger/pom.xml b/ecomp-sdk/epsdk-logger/pom.xml
index 3f0f7df0..b7e0b644 100644
--- a/ecomp-sdk/epsdk-logger/pom.xml
+++ b/ecomp-sdk/epsdk-logger/pom.xml
@@ -17,7 +17,7 @@
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0</version>
+ <version>1.0.0-oss</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index 5c442a91..cfbc41c1 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -18,7 +18,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <springframework.version>4.2.3.RELEASE</springframework.version>
+ <springframework.version>4.3.20.RELEASE</springframework.version>
<jersey1.version>1.19.4</jersey1.version>
<jaxrs.version>2.0.1</jaxrs.version>
<cassandra.version>3.0.0</cassandra.version>
diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml
index 707e1fb1..f08b65f8 100644
--- a/ecomp-sdk/epsdk-workflow/pom.xml
+++ b/ecomp-sdk/epsdk-workflow/pom.xml
@@ -40,7 +40,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.8.10</version>
+ <version>2.8.11.4</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
@@ -55,7 +55,7 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
- <version>5.1.3.Final</version>
+ <version>5.2.1.Final</version>
</dependency>
<dependency>
<groupId>org.json</groupId>