author | sa282w <sa282w@att.com> | 2018-04-02 11:33:14 -0400 |
---|---|---|
committer | sa282w <sa282w@att.com> | 2018-04-02 11:33:14 -0400 |
commit | d8c81e748f1db2fbd2bdd810671d90894af35d69 (patch) | |
tree | e532c473e94cc561ed6aafb8b728ff666ac0090c | |
parent | 19a214bd35c126067ea6c07825d1e58edf336c50 (diff) |
Security Vunerabilities
Issue-ID: PORTAL-155
Excluded beanshell dependency from epsdk-common, epsdk-core and epsdk-fw
pom.xml.
Change-Id: I068bd1134269a162a64710abc92aacf9cbba32d3
Signed-off-by: sa282w <sa282w@att.com>
-rw-r--r-- | ecomp-sdk/epsdk-app-common/pom.xml | 24 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/pom.xml | 10 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-core/pom.xml | 34 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-fw/pom.xml | 16 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-music/pom.xml | 42 |
5 files changed, 72 insertions, 54 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 6e4f9e19..f31aa797 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -172,11 +172,11 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -242,7 +242,7 @@
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
 <version>2.1.0</version>
- <exclusions>
+ <exclusions>
 <exclusion>
 <groupId>commons-beanutils</groupId>
 <artifactId>commons-beanutils-core</artifactId>
@@ -251,7 +251,7 @@
 <groupId>commons-httpclient</groupId>
 <artifactId>commons-httpclient</artifactId>
 </exclusion>
- <exclusion>
+ <exclusion>
 <groupId>xerces</groupId>
 <artifactId>xercesImpl</artifactId>
 </exclusion>
@@ -259,6 +259,10 @@
 <groupId>commons-collections</groupId>
 <artifactId>commons-collections</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <!-- Jacoco for offline instrumentation -->
@@ -268,7 +272,6 @@
 <version>${jacoco.version}</version>
 <classifier>runtime</classifier>
 </dependency>
-
 <dependency>
 <groupId>com.thoughtworks.xstream</groupId>
 <artifactId>xstream</artifactId>
@@ -309,8 +312,9 @@
 <groupId>xalan</groupId>
 <artifactId>xalan</artifactId>
 <version>2.7.2</version>
- </dependency>
- <dependency>
+ </dependency>
+ <dependency>
+
 <groupId>xerces</groupId>
 <artifactId>xercesImpl</artifactId>
 <version>2.11.0.SP5</version>
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index ff5ce26b..d904d68f 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
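Review bot: The `org.beanshell:bsh-core` exclusion added in the `@@ -259,6 +259,10 @@` hunk of epsdk-app-common (and repeated in the `@@ -357,9 +357,13 @@` hunk of epsdk-core and the `@@ -107,6 +107,10 @@` hunk of epsdk-fw) is attached to a single dependency in each pom, so nothing prevents another dependency or a later version bump from bringing BeanShell back onto the classpath. Consider backing it with a maven-enforcer-plugin `bannedDependencies` rule for `org.beanshell` in whatever pom these modules share, and confirm the result with `mvn dependency:tree -Dincludes=org.beanshell` in every module, including epsdk-app-os and epsdk-music, which this commit only re-indents. The exclusions carry no explanation; a comment such as `<!-- PORTAL-155: BeanShell excluded as a vulnerable transitive dependency; do not re-add -->` above each one would keep them from being removed as clutter. The enclosing `<dependency>` opens outside these hunks (apparently esapi, pinned at 2.1.0 in epsdk-app-common and 2.1.0.1 in epsdk-core), so it is worth checking that no ESAPI feature in use loads BeanShell classes, since that would surface as a runtime `NoClassDefFoundError` rather than a build failure.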
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -307,11 +307,11 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index 8fd5a6ee..1bdb1490 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -319,11 +319,11 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -348,7 +348,7 @@
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
 <version>2.1.0.1</version>
- <exclusions>
+ <exclusions>
 <exclusion>
 <groupId>commons-beanutils</groupId>
 <artifactId>commons-beanutils-core</artifactId>
@@ -357,9 +357,13 @@
 <groupId>commons-httpclient</groupId>
 <artifactId>commons-httpclient</artifactId>
 </exclusion>
- <exclusion>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
 </exclusion>
 </exclusions>
 </dependency>
@@ -434,12 +438,12 @@
 <groupId>xalan</groupId>
 <artifactId>xalan</artifactId>
 <version>2.7.2</version>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
 </dependencies>
 </project>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 62600840..55f68744 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -107,6 +107,10 @@
 <groupId>commons-httpclient</groupId>
 <artifactId>commons-httpclient</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <dependency>
@@ -145,6 +149,12 @@
 <artifactId>resteasy-spring</artifactId>
 <version>${resteasy.version}</version>
 <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.jboss.resteasy</groupId>
@@ -189,9 +199,9 @@
 <version>1.3.3</version>
 </dependency>
 <dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.3</version>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.3</version>
 </dependency>
 </dependencies>
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index e5ee7a68..6429518f 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -125,7 +125,7 @@
 <groupId>org.onap.music</groupId>
 <artifactId>core</artifactId>
 <version>2.4.4.2</version>
- </dependency>
+ </dependency>
 <!-- Mapper -->
 <dependency>
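Review bot: The `org.apache.httpcomponents:httpclient` exclusion added to the test-scoped `resteasy-spring` dependency in the `@@ -145,6 +149,12 @@` hunk of epsdk-fw is not covered by the commit message, which only mentions BeanShell, so a reader cannot tell whether it removes a vulnerable transitive version or resolves a version conflict. Add a comment above it, for example `<!-- httpclient excluded from resteasy-spring (test scope): REASON; provided by DECLARED-DEPENDENCY -->`, filling in the reason and which declared dependency, if any, now supplies httpclient to the tests. Because the scope is `test` the exclusion should not change what ships, but tests that exercise the RESTEasy client without another httpclient on the test classpath would fail at class-loading time. The `<dependency>` element opens above the hunk, so its groupId is not visible here.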
@@ -201,26 +201,26 @@
 </configuration>
 </plugin>
 <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <archive>
- <manifest>
- </manifest>
- </archive>
- <descriptorRefs>
- <descriptorRef>jar-with-dependencies</descriptorRef>
- </descriptorRefs>
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifest>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
 </plugins>
 </build>
 </project> |