summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-app-common
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2019-10-18 14:43:07 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-10-18 14:43:22 +0200
commiteae3e8b357d96bff29ce0b3086aed388754feaf2 (patch)
tree0936b9fbbda709a0f8633499b5be0c247aeadd93 /ecomp-sdk/epsdk-app-common
parentd98d4c9f564428ee9edd398675b27226645d7ef5 (diff)
Security Vulnerability in pom.xml fix
Security Vulnerability in pom.xml fix Issue-ID: PORTAL-772 Change-Id: I6b0932122b101411b06d371e757918875529b87d Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common')
-rw-r--r--ecomp-sdk/epsdk-app-common/pom.xml14
-rw-r--r--ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java4
2 files changed, 9 insertions, 9 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 473c942a..2d0bf371 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -128,7 +128,7 @@
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0</version>
+ <version>1.0.0-oss</version>
</dependency>
<!-- Mapper -->
<dependency>
@@ -149,12 +149,12 @@
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
- <version>0.9.5.3</version>
+ <version>0.9.5.4</version>
</dependency>
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
- <version>2.0.0</version>
+ <version>5.3.4</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -176,7 +176,7 @@
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
- <version>7.1.1</version>
+ <version>7.2.1</version>
<exclusions>
<exclusion>
<groupId>org.apache.lucene</groupId>
@@ -246,7 +246,7 @@
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.1.0.1</version>
+ <version>2.2.0.0</version>
<exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
@@ -346,7 +346,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.3</version>
+ <version>1.9.4</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
@@ -361,7 +361,7 @@
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
+ <version>2.12.0</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
index 69807a1c..c964712d 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
@@ -43,8 +43,8 @@ import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
import org.owasp.esapi.ESAPI;
@@ -132,7 +132,7 @@ public class SecurityXssValidator {
if (StringUtils.isNotBlank(value)) {
- value = StringEscapeUtils.escapeHtml4(value);
+ value = StringEscapeUtils.escapeHtml(value);
value = ESAPI.encoder().canonicalize(value);