security and Pom chanagesrelease-2.1.1

Issue-ID: PORTAL-155 provided fixes for security issues Change-Id: I00a06dffe4c6efecff57272949fea9d0a614018c Signed-off-by: sm921c <sm921c@att.com>
author: sm921c <sm921c@att.com> 2018-04-04 15:09:15 -0400
committer: sm921c <sm921c@att.com> 2018-04-04 15:09:15 -0400
commit: 3cea65c213e29b9086e9a2e4aae910cff00e7a93 (patch)
tree: 3864a5cec4b916557b73f97380e348e043347f75
parent: 7d359877a4ab4b4821bab46c0f28fddf7cfbd35f (diff)
13 files changed, 283 insertions, 44 deletions
diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml
index 76e0df1b..143a6ac9 100644
--- a/ecomp-sdk/epsdk-analytics/pom.xml
+++ b/ecomp-sdk/epsdk-analytics/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	
 	<!-- GroupId is inherited from parent -->
@@ -56,17 +56,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<!-- Raptor required Libraries -->
 		<!-- for static charts -->
@@ -142,7 +142,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-ooxml</artifactId>
-			<version>3.5-FINAL</version>
+			<version>3.15</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
index 863f510c..9f44bac7 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/SearchHandler.java
@@ -295,7 +295,7 @@ public class SearchHandler extends org.onap.portalsdk.analytics.RaptorObject {
 		} else {
 			rep_name_sql = " AND UPPER(cr.title) LIKE UPPER('%%') ";
 		}
-		sql = sql.replace("[fReportName]",rep_name_sql);
+		sql = sql.replace("[fReportName]", ESAPI.encoder().canonicalize(rep_name_sql));
 
 		if (menuId.length() > 0){
 			/*sql += "AND INSTR('|'||cr.menu_id||'|', '|'||'" + menuId + "'||'|') > 0 "
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 8252897e..af010a73 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
@@ -129,17 +129,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.mchange</groupId>
@@ -172,6 +172,12 @@
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
 			<version>2.2.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.lucene</groupId>
+					<artifactId>lucene-queryparser</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.json</groupId>
@@ -236,6 +242,24 @@
 		<groupId>org.owasp.esapi</groupId>
 		<artifactId>esapi</artifactId>
 		<version>2.1.0</version>
+	    <exclusions>
+		<exclusion>
+        	<groupId>commons-beanutils</groupId>
+        	<artifactId>commons-beanutils-core</artifactId>
+		</exclusion>
+        <exclusion>
+        	<groupId>commons-httpclient</groupId>
+            <artifactId>commons-httpclient</artifactId>
+		</exclusion>
+		<exclusion>
+        	<groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+		</exclusion>
+        <exclusion>
+        	<groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+		</exclusion>
+        </exclusions>
 	</dependency>
 	<!-- Jacoco for offline instrumentation -->
 		<dependency>
@@ -244,5 +268,55 @@
 			<version>${jacoco.version}</version>
 			<classifier>runtime</classifier>
 		</dependency>
+		<dependency>
+    		<groupId>com.thoughtworks.xstream</groupId>
+    		<artifactId>xstream</artifactId>
+    		<version>1.4.10</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.wicket</groupId>
+    		<artifactId>wicket-core</artifactId>
+    		<version>1.5.16</version>
+		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-core</artifactId>
+			<version>1.2.3</version>
+		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<version>1.2.3</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-fileupload</groupId>
+			<artifactId>commons-fileupload</artifactId>
+			<version>1.3.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>commons-beanutils</groupId>
+    		<artifactId>commons-beanutils</artifactId>
+    		<version>1.9.3</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.5.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>xalan</groupId>
+    		<artifactId>xalan</artifactId>
+    		<version>2.7.2</version>
+		</dependency>
+		<dependency>
+    		<groupId>xerces</groupId>
+    		<artifactId>xercesImpl</artifactId>
+    		<version>2.11.0.SP5</version>
+		</dependency>
+		<dependency>
+    		<groupId>commons-collections</groupId>
+    		<artifactId>commons-collections</artifactId>
+    		<version>3.2.2</version>
+		</dependency>
 	</dependencies>
 </project>
diff --git a/ecomp-sdk/epsdk-app-os/README.md b/ecomp-sdk/epsdk-app-os/README.md
index f74d043f..7304bd1c 100644
--- a/ecomp-sdk/epsdk-app-os/README.md
+++ b/ecomp-sdk/epsdk-app-os/README.md
@@ -18,6 +18,7 @@ Version 2.1.0
 - PORTAL 160 Refer epsdk-app-common
 - PORTAL 159 Refer epsdk-app-common
 - PORTAL 136 Junits for SDK
+- PORTAL 155 Review security issues: portal
 
 Version 1.4.0
 - PORTAL-19 Rename Java package base to org.onap
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index 059c5ea0..5ce068b9 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
@@ -252,17 +252,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.mchange</groupId>
@@ -295,6 +295,12 @@
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
 			<version>2.2.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.lucene</groupId>
+					<artifactId>lucene-queryparser</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.json</groupId>
diff --git a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index aad01286..be3b685d 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-sdk/epsdk-app-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -44,6 +44,9 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
@@ -73,9 +76,27 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 	public class RequestWrapper extends HttpServletRequestWrapper {
 
 		private ByteArrayOutputStream cachedBytes;
+		
+		private Map parameter = new HashMap();
+
+		@SuppressWarnings("unchecked")
 
 		public RequestWrapper(HttpServletRequest request) {
 			super(request);
+			Enumeration<String> parameterNames = request.getParameterNames();
+			while (parameterNames.hasMoreElements()) {
+				String paramName = parameterNames.nextElement();
+				String paramValue = request.getParameter(paramName);
+				parameter.put(paramName,paramValue);
+			}
+		}
+
+		@Override
+		public String getParameter(String name) {
+			if (parameter != null) {
+				return (String) parameter.get(name);
+			}
+			return null;
 		}
 
 		@Override
diff --git a/ecomp-sdk/epsdk-app-overlay/pom.xml b/ecomp-sdk/epsdk-app-overlay/pom.xml
index 8415cf49..a0b000a7 100644
--- a/ecomp-sdk/epsdk-app-overlay/pom.xml
+++ b/ecomp-sdk/epsdk-app-overlay/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
@@ -43,9 +43,29 @@
 			<version>3.1.0</version>
 		</dependency>
 		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>jstl</artifactId>
-			<version>1.2</version>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-spec</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-impl</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-spec</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-impl</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+   			<artifactId>taglibs-standard-jstlel</artifactId>
+    		<version>1.2.5</version>
 		</dependency>
 	</dependencies>
 
diff --git a/ecomp-sdk/epsdk-core/README.md b/ecomp-sdk/epsdk-core/README.md
index b773ef5c..55cf69fd 100644
--- a/ecomp-sdk/epsdk-core/README.md
+++ b/ecomp-sdk/epsdk-core/README.md
@@ -7,7 +7,7 @@ which is distributed as epsdk-core-N.N.N.jar.  This library
 requires Hibernate and Spring, and provides many features 
 such as data access, session management, logging, on-boarding 
 and more.  Most of these features are demonstrated in the
-ONAP SDK web application.
+ECOMP SDK web application. 
 
 ## Release Notes
 
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index c47effa6..85b60ddc 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
@@ -124,10 +124,6 @@
 					<groupId>org.slf4j</groupId>
 					<artifactId>log4j-over-slf4j</artifactId>
 				</exclusion>
-				<exclusion>
-					<groupId>ch.qos.logback</groupId>
-					<artifactId>logback-classic</artifactId>
-				</exclusion>
 			</exclusions>
 		</dependency>
 		
@@ -167,9 +163,29 @@
 			<version>2.3.1</version>
 		</dependency>
 		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>jstl</artifactId>
-			<version>1.2</version>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-spec</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-impl</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-spec</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+    		<artifactId>taglibs-standard-impl</artifactId>
+    		<version>1.2.5</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.taglibs</groupId>
+   			<artifactId>taglibs-standard-jstlel</artifactId>
+    		<version>1.2.5</version>
 		</dependency>
 		<!-- bridge to implement commons-logging using slf4j -->
 		<dependency>
@@ -209,17 +225,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<!-- Use Mariadb connector -->
 		<dependency>
@@ -294,8 +310,8 @@
 
 		<dependency>
 			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcprov-jdk16</artifactId>
-			<version>1.45</version>
+			<artifactId>bcprov-jdk15on</artifactId>
+			<version>1.59</version>
 		</dependency>
 
 		<!-- Elastic Search -->
@@ -303,6 +319,12 @@
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
 			<version>2.2.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.lucene</groupId>
+					<artifactId>lucene-queryparser</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>io.searchbox</groupId>
@@ -326,6 +348,20 @@
 		<groupId>org.owasp.esapi</groupId>
 		<artifactId>esapi</artifactId>
 		<version>2.1.0.1</version>
+	    <exclusions>
+		<exclusion>
+        	<groupId>commons-beanutils</groupId>
+        	<artifactId>commons-beanutils-core</artifactId>
+		</exclusion>
+        <exclusion>
+        	<groupId>commons-httpclient</groupId>
+            <artifactId>commons-httpclient</artifactId>
+		</exclusion>
+	    <exclusion>
+        	<groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+			</exclusion>
+        </exclusions>
 	</dependency>
 
 		<!-- UEB was originally named Cambria -->
@@ -346,6 +382,10 @@
 					<groupId>org.slf4j</groupId>
 					<artifactId>slf4j-log4j12</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.apache.httpcomponents</groupId>
+					<artifactId>httpclient</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<!-- Jacoco for offline instrumentation -->
@@ -355,6 +395,51 @@
 			<version>${jacoco.version}</version>
 			<classifier>runtime</classifier>
 		</dependency>
+		<dependency>
+    		<groupId>com.thoughtworks.xstream</groupId>
+    		<artifactId>xstream</artifactId>
+    		<version>1.4.10</version>
+		</dependency>
+		<dependency>
+    		<groupId>org.apache.wicket</groupId>
+    		<artifactId>wicket-core</artifactId>
+    		<version>1.5.16</version>
+		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-core</artifactId>
+			<version>1.2.3</version>
+		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<version>1.2.3</version>
+		</dependency>
+		<dependency>
+			<groupId>commons-fileupload</groupId>
+			<artifactId>commons-fileupload</artifactId>
+			<version>1.3.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>commons-beanutils</groupId>
+    		<artifactId>commons-beanutils</artifactId>
+    		<version>1.9.3</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.5.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>xalan</groupId>
+    		<artifactId>xalan</artifactId>
+    		<version>2.7.2</version>
+		</dependency>
+		<dependency>
+    		<groupId>xerces</groupId>
+    		<artifactId>xercesImpl</artifactId>
+    		<version>2.11.0.SP5</version>
+		</dependency>	
 	</dependencies>
 	
 </project>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 2eb62648..9f2929b5 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
@@ -75,12 +75,12 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>org.owasp.esapi</groupId>
@@ -91,6 +91,22 @@
 					<groupId>log4j</groupId>
 					<artifactId>log4j</artifactId>
 				</exclusion>
+				<exclusion>
+        			<groupId>xerces</groupId>
+            		<artifactId>xercesImpl</artifactId>
+				</exclusion>
+				<exclusion>
+        			<groupId>xalan</groupId>
+            		<artifactId>xalan</artifactId>
+				</exclusion>
+				<exclusion>
+        			<groupId>commons-beanutils</groupId>
+            		<artifactId>commons-beanutils</artifactId>
+				</exclusion>
+				<exclusion>
+        			<groupId>commons-httpclient</groupId>
+            		<artifactId>commons-httpclient</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
@@ -115,7 +131,7 @@
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>
-			<version>1.1.1</version>
+			<version>1.2.3</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -123,6 +139,12 @@
 			<artifactId>resteasy-spring</artifactId>
 			<version>${resteasy.version}</version>
 			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.httpcomponents</groupId>
+					<artifactId>httpclient</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.jboss.resteasy</groupId>
@@ -161,6 +183,16 @@
 		    <scope>test</scope>
 		    <version>${jacoco.version}</version>
 		</dependency>
+				<dependency>
+			<groupId>commons-fileupload</groupId>
+			<artifactId>commons-fileupload</artifactId>
+			<version>1.3.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>commons-beanutils</groupId>
+    		<artifactId>commons-beanutils</artifactId>
+    		<version>1.9.3</version>
+		</dependency>
 	</dependencies>
 
 </project>
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
index ba95d870..eef88b4b 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
@@ -263,7 +263,7 @@ public class CipherUtil {
 		return CipherUtil.decryptPKC(encryptedText, keyString);
 	}
 
-	public static void main(String[] args) throws CipherUtilException {
+/*	public static void main(String[] args) throws CipherUtilException {
 
 		String testValue = "Welcome123";
 		String encrypted;
@@ -290,6 +290,6 @@ public class CipherUtil {
 				System.out.println("Encrypted Text" + encrypted);
 			}
 		}
-	}
+	}*/
 
 }
diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml
index c187fe1a..51ffc7ef 100644
--- a/ecomp-sdk/epsdk-workflow/pom.xml
+++ b/ecomp-sdk/epsdk-workflow/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	
 	<!-- GroupId is inherited from parent -->
@@ -30,17 +30,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index 9046f458..b2abfdb7 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -14,7 +14,7 @@
 	<!-- Portal SDK Maven parent project -->
 	<groupId>org.onap.portal.sdk</groupId>
 	<artifactId>epsdk-project</artifactId>
-	<version>2.1.0</version>
+	<version>2.1.1</version>
 	<packaging>pom</packaging>
 	<name>portal-sdk</name>
 	<url>https://wiki.onap.org/display/DW/Portal</url>
@@ -31,7 +31,7 @@
 
 	<properties>
 		<encoding>UTF-8</encoding>
-		<springframework.version>4.2.0.RELEASE</springframework.version>
+		<springframework.version>4.2.3.RELEASE</springframework.version>
 		<hibernate.version>4.3.11.Final</hibernate.version>
 		<skiptests>false</skiptests>
 		<nexusproxy>https://nexus.onap.org</nexusproxy>
author	sm921c <sm921c@att.com>	2018-04-04 15:09:15 -0400
committer	sm921c <sm921c@att.com>	2018-04-04 15:09:15 -0400
commit	3cea65c213e29b9086e9a2e4aae910cff00e7a93 (patch)
tree	3864a5cec4b916557b73f97380e348e043347f75
parent	7d359877a4ab4b4821bab46c0f28fddf7cfbd35f (diff)