author | sm921c <sm921c@att.com> | 2018-04-04 15:09:15 -0400 |
---|---|---|
committer | sm921c <sm921c@att.com> | 2018-04-04 15:09:15 -0400 |
commit | 3cea65c213e29b9086e9a2e4aae910cff00e7a93 (patch) | |
tree | 3864a5cec4b916557b73f97380e348e043347f75 /ecomp-sdk/epsdk-core | |
parent | 7d359877a4ab4b4821bab46c0f28fddf7cfbd35f (diff) |
security and Pom changes release-2.1.1
Issue-ID: PORTAL-155
provided fixes for security issues
Change-Id: I00a06dffe4c6efecff57272949fea9d0a614018c
Signed-off-by: sm921c <sm921c@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-core')
-rw-r--r-- | ecomp-sdk/epsdk-core/README.md | 2 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-core/pom.xml | 111 |
2 files changed, 99 insertions, 14 deletions
diff --git a/ecomp-sdk/epsdk-core/README.md b/ecomp-sdk/epsdk-core/README.md index b773ef5c..55cf69fd 100644 --- a/ecomp-sdk/epsdk-core/README.md +++ b/ecomp-sdk/epsdk-core/README.md @@ -7,7 +7,7 @@ which is distributed as epsdk-core-N.N.N.jar. This library requires Hibernate and Spring, and provides many features such as data access, session management, logging, on-boarding and more. Most of these features are demonstrated in the -ONAP SDK web application. +ECOMP SDK web application. ## Release Notes diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml index c47effa6..85b60ddc 100644 --- a/ecomp-sdk/epsdk-core/pom.xml +++ b/ecomp-sdk/epsdk-core/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>2.1.0</version> + <version>2.1.1</version> </parent> <!-- GroupId is inherited from parent --> @@ -124,10 +124,6 @@ <groupId>org.slf4j</groupId> <artifactId>log4j-over-slf4j</artifactId> </exclusion> - <exclusion> - <groupId>ch.qos.logback</groupId> - <artifactId>logback-classic</artifactId> - </exclusion> </exclusions> </dependency> 
@@ -167,9 +163,29 @@
 <version>2.3.1</version>
 </dependency>
 <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>jstl</artifactId>
- <version>1.2</version>
+ <groupId>org.apache.taglibs</groupId>
+ <artifactId>taglibs-standard-spec</artifactId>
+ <version>1.2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.taglibs</groupId>
+ <artifactId>taglibs-standard-impl</artifactId>
+ <version>1.2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.taglibs</groupId>
+ <artifactId>taglibs-standard-spec</artifactId>
+ <version>1.2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.taglibs</groupId>
+ <artifactId>taglibs-standard-impl</artifactId>
+ <version>1.2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.taglibs</groupId>
+ <artifactId>taglibs-standard-jstlel</artifactId>
+ <version>1.2.5</version>
 </dependency>
 <!-- bridge to implement commons-logging using slf4j -->
 <dependency>
@@ -209,17 +225,17 @@
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-annotations</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <dependency>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-databind</artifactId>
- <version>2.6.3</version>
+ <version>2.8.10</version>
 </dependency>
 <!-- Use Mariadb connector -->
 <dependency>
@@ -294,8 +310,8 @@
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
- <version>1.45</version>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.59</version>
 </dependency>
 <!-- Elastic Search -->
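Review bot: The replacement for `javax.servlet:jstl` in the first hunk (@@ -167,9 +163,29 @@) declares `taglibs-standard-spec` and `taglibs-standard-impl` twice each at 1.2.5. Maven reports repeated `groupId:artifactId` entries as a model warning, so the second pair should be deleted, leaving one `spec`, one `impl` and one `jstlel` entry. A short comment on the block, e.g. `<!-- Apache Taglibs replaces javax.servlet:jstl 1.2 (PORTAL-155) -->`, would keep the swap from being reverted later. The old `jstl` artifact may still arrive transitively from another dependency, so `mvn dependency:tree` should be checked to confirm it is no longer on the classpath.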
@@ -303,6 +319,12 @@
 <groupId>org.elasticsearch</groupId>
 <artifactId>elasticsearch</artifactId>
 <version>2.2.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>io.searchbox</groupId>
@@ -326,6 +348,20 @@
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
 <version>2.1.0.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <!-- UEB was originally named Cambria -->
@@ -346,6 +382,10 @@
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-log4j12</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <!-- Jacoco for offline instrumentation -->
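Review bot: The new exclusion of `org.apache.lucene:lucene-queryparser` from `elasticsearch` 2.2.0 (hunk @@ -303,6 +319,12 @@) has no replacement anywhere in this diff, whereas most of the other artifacts excluded by this commit are re-added at pinned versions at the end of the file. If any Elasticsearch code path the SDK exercises loads query-parser classes, the gap will surface as a `NoClassDefFoundError` at runtime rather than at build time. Either pin a compatible `lucene-queryparser` version explicitly, or add a comment above the `<exclusions>` element stating why those classes are not needed, so the exclusion can be audited later.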
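Review bot: Excluding `commons-httpclient:commons-httpclient` from `esapi` (hunk @@ -326,6 +348,20 @@) is not compensated by the `org.apache.httpcomponents:httpclient` 4.5.3 added at the end of the file. The 3.x and 4.x clients live in different Java packages, so anything beneath ESAPI that still references the 3.x classes will fail to load. `commons-beanutils-core` and `xercesImpl` do get stand-ins (`commons-beanutils` 1.9.3, `xercesImpl` 2.11.0.SP5), so the HTTP client is the one to verify. Because ESAPI sits on the input-validation path, a test that runs the validators and sanitisers the SDK actually calls would confirm nothing now throws at class-load time. The `esapi` version itself stays at 2.1.0.1, so upgrading ESAPI may be a more durable way to clear findings in its dependency tree.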
@@ -355,6 +395,51 @@
 <version>${jacoco.version}</version>
 <classifier>runtime</classifier>
 </dependency>
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.wicket</groupId>
+ <artifactId>wicket-core</artifactId>
+ <version>1.5.16</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.5.3</version>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.2</version>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
 </dependencies>
 </project> |
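Review bot: None of the nine dependencies appended to `<dependencies>` carries a comment saying why it is there, so a later cleanup could drop what appear to be security version pins. A line such as `<!-- Pinned to override older transitive versions (PORTAL-155) -->` above the group would record the intent. It is not visible from this diff whether each artifact was already on the classpath transitively; any that was not (check `wicket-core` and `xstream` with `mvn dependency:tree`) is new code shipped to every consumer of epsdk-core rather than a fix. Separately, moving to xstream 1.4.10 does not by itself restrict which types are deserialised, so code that passes untrusted XML to XStream still needs an explicit type allow-list.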