Security Vulnerability in pom.xml fix

Security Vulnerability in pom.xml fix Issue-ID: PORTAL-772 Change-Id: I6b0932122b101411b06d371e757918875529b87d Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
author: Dominik Mizyn <d.mizyn@samsung.com> 2019-10-18 14:43:07 +0200
committer: Dominik Mizyn <d.mizyn@samsung.com> 2019-10-18 14:43:22 +0200
commit: eae3e8b357d96bff29ce0b3086aed388754feaf2 (patch)
tree: 0936b9fbbda709a0f8633499b5be0c247aeadd93 /ecomp-sdk/epsdk-app-common
parent: d98d4c9f564428ee9edd398675b27226645d7ef5 (diff)
2 files changed, 9 insertions, 9 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 473c942a..2d0bf371 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -128,7 +128,7 @@
 		<dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.0-oss</version>
 		</dependency>
 		<!-- Mapper -->
 		<dependency>
@@ -149,12 +149,12 @@
 		<dependency>
 			<groupId>com.mchange</groupId>
 			<artifactId>c3p0</artifactId>
-			<version>0.9.5.3</version>
+			<version>0.9.5.4</version>
 		</dependency>
 		<dependency>
 			<groupId>io.searchbox</groupId>
 			<artifactId>jest</artifactId>
-			<version>2.0.0</version>
+			<version>5.3.4</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -176,7 +176,7 @@
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>7.1.1</version>
+			<version>7.2.1</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
@@ -246,7 +246,7 @@
 	<dependency>
 		<groupId>org.owasp.esapi</groupId>
 		<artifactId>esapi</artifactId>
-		<version>2.1.0.1</version>
+		<version>2.2.0.0</version>
 	    <exclusions>
 		<exclusion>
         	<groupId>commons-beanutils</groupId>
@@ -346,7 +346,7 @@
 		<dependency>
     		<groupId>commons-beanutils</groupId>
     		<artifactId>commons-beanutils</artifactId>
-    		<version>1.9.3</version>
+    		<version>1.9.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
@@ -361,7 +361,7 @@
 		<dependency>
     		<groupId>xerces</groupId>
     		<artifactId>xercesImpl</artifactId>
-    		<version>2.11.0.SP5</version>
+    		<version>2.12.0</version>
 		</dependency>
 		<dependency>
     		<groupId>commons-collections</groupId>
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
index 69807a1c..c964712d 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
@@ -43,8 +43,8 @@ import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.regex.Pattern;
 import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.owasp.esapi.ESAPI;
@@ -132,7 +132,7 @@ public class SecurityXssValidator {
 
       if (StringUtils.isNotBlank(value)) {
 
-        value = StringEscapeUtils.escapeHtml4(value);
+        value = StringEscapeUtils.escapeHtml(value);
 
         value = ESAPI.encoder().canonicalize(value);
author	Dominik Mizyn <d.mizyn@samsung.com>	2019-10-18 14:43:07 +0200
committer	Dominik Mizyn <d.mizyn@samsung.com>	2019-10-18 14:43:22 +0200
commit	eae3e8b357d96bff29ce0b3086aed388754feaf2 (patch)
tree	0936b9fbbda709a0f8633499b5be0c247aeadd93 /ecomp-sdk/epsdk-app-common
parent	d98d4c9f564428ee9edd398675b27226645d7ef5 (diff)