From eae3e8b357d96bff29ce0b3086aed388754feaf2 Mon Sep 17 00:00:00 2001
From: Dominik Mizyn <d.mizyn@samsung.com>
Date: Fri, 18 Oct 2019 14:43:07 +0200
Subject: Security Vulnerability in pom.xml fix

Security Vulnerability in pom.xml fix

Issue-ID: PORTAL-772
Change-Id: I6b0932122b101411b06d371e757918875529b87d
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
---
 ecomp-sdk/epsdk-aaf/pom.xml                          |  4 ++--
 ecomp-sdk/epsdk-analytics/pom.xml                    |  4 ++--
 .../org/onap/portalsdk/analytics/system/DbUtils.java |  3 +--
 ecomp-sdk/epsdk-app-common/pom.xml                   | 14 +++++++-------
 .../onap/portalapp/util/SecurityXssValidator.java    |  4 ++--
 ecomp-sdk/epsdk-app-os/pom.xml                       |  8 ++++----
 ecomp-sdk/epsdk-core/pom.xml                         | 20 ++++++++++----------
 ecomp-sdk/epsdk-domain/pom.xml                       |  2 +-
 ecomp-sdk/epsdk-fw/pom.xml                           |  6 +++---
 ecomp-sdk/epsdk-logger/pom.xml                       |  2 +-
 ecomp-sdk/epsdk-music/pom.xml                        |  2 +-
 ecomp-sdk/epsdk-workflow/pom.xml                     |  4 ++--
 12 files changed, 36 insertions(+), 37 deletions(-)

diff --git a/ecomp-sdk/epsdk-aaf/pom.xml b/ecomp-sdk/epsdk-aaf/pom.xml
index 9d10e9bb..036b5e4a 100644
--- a/ecomp-sdk/epsdk-aaf/pom.xml
+++ b/ecomp-sdk/epsdk-aaf/pom.xml
@@ -19,7 +19,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<springframework.version>4.2.0.RELEASE</springframework.version>
+		<springframework.version>4.3.20.RELEASE</springframework.version>
 	</properties>
 	<dependencies>
 		<!-- internal -->
@@ -108,7 +108,7 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
-			<version>1.3.0.RELEASE</version>
+			<version>1.3.1.RELEASE</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml
index dcffc4ce..26821ded 100644
--- a/ecomp-sdk/epsdk-analytics/pom.xml
+++ b/ecomp-sdk/epsdk-analytics/pom.xml
@@ -45,7 +45,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
+			<version>2.8.11.4</version>
 		</dependency>
 		<!-- Raptor required Libraries -->
 		<!-- for static charts -->
@@ -146,7 +146,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-scratchpad</artifactId>
-			<version>3.14</version>
+			<version>3.17</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
index 67acdf9e..d528dc6d 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/DbUtils.java
@@ -45,7 +45,6 @@ import java.sql.SQLException;
 import java.sql.Statement;
 import java.sql.Types;
 import javax.sql.DataSource;
-import org.apache.commons.lang3.StringUtils;
 import org.onap.portalsdk.analytics.error.RaptorException;
 import org.onap.portalsdk.analytics.error.ReportSQLException;
 import org.onap.portalsdk.analytics.model.runtime.ReportRuntime;
@@ -213,7 +212,7 @@ public class DbUtils {
         try (final Connection con = getConnection();) {
             if (con != null) {
                 try (final PreparedStatement preparedStatement = con.prepareStatement(sql);) {
-                    if (StringUtils.isNotBlank(reportID)) {
+                    if (!reportID.isEmpty()) {
                         preparedStatement.setString(1, reportID);
                         preparedStatement.setString(2, reportName);
                     } else {
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 473c942a..2d0bf371 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -128,7 +128,7 @@
 		<dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.0-oss</version>
 		</dependency>
 		<!-- Mapper -->
 		<dependency>
@@ -149,12 +149,12 @@
 		<dependency>
 			<groupId>com.mchange</groupId>
 			<artifactId>c3p0</artifactId>
-			<version>0.9.5.3</version>
+			<version>0.9.5.4</version>
 		</dependency>
 		<dependency>
 			<groupId>io.searchbox</groupId>
 			<artifactId>jest</artifactId>
-			<version>2.0.0</version>
+			<version>5.3.4</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -176,7 +176,7 @@
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>7.1.1</version>
+			<version>7.2.1</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
@@ -246,7 +246,7 @@
 	<dependency>
 		<groupId>org.owasp.esapi</groupId>
 		<artifactId>esapi</artifactId>
-		<version>2.1.0.1</version>
+		<version>2.2.0.0</version>
 	    <exclusions>
 		<exclusion>
         	<groupId>commons-beanutils</groupId>
@@ -346,7 +346,7 @@
 		<dependency>
     		<groupId>commons-beanutils</groupId>
     		<artifactId>commons-beanutils</artifactId>
-    		<version>1.9.3</version>
+    		<version>1.9.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
@@ -361,7 +361,7 @@
 		<dependency>
     		<groupId>xerces</groupId>
     		<artifactId>xercesImpl</artifactId>
-    		<version>2.11.0.SP5</version>
+    		<version>2.12.0</version>
 		</dependency>
 		<dependency>
     		<groupId>commons-collections</groupId>
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
index 69807a1c..c964712d 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/util/SecurityXssValidator.java
@@ -43,8 +43,8 @@ import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.regex.Pattern;
 import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.owasp.esapi.ESAPI;
@@ -132,7 +132,7 @@ public class SecurityXssValidator {
 
       if (StringUtils.isNotBlank(value)) {
 
-        value = StringEscapeUtils.escapeHtml4(value);
+        value = StringEscapeUtils.escapeHtml(value);
 
         value = ESAPI.encoder().canonicalize(value);
 
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index cfdcb244..52690916 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -423,7 +423,7 @@
 		<dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.0-oss</version>
 		</dependency>
 		<!-- Mapper -->
 		<dependency>
@@ -444,12 +444,12 @@
 		<dependency>
 			<groupId>com.mchange</groupId>
 			<artifactId>c3p0</artifactId>
-			<version>0.9.5.2</version>
+			<version>0.9.5.4</version>
 		</dependency>
 		<dependency>
 			<groupId>io.searchbox</groupId>
 			<artifactId>jest</artifactId>
-			<version>2.0.0</version>
+			<version>5.3.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -471,7 +471,7 @@
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>2.2.0</version>
+			<version>6.8.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index be08cc3e..565867dd 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -185,7 +185,7 @@
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-validator</artifactId>
-			<version>5.1.3.Final</version>
+			<version>5.2.1.Final</version>
 		</dependency>
 		<!-- Servlet+JSP+JSTL -->
 		<dependency>
@@ -228,7 +228,7 @@
 		<dependency>
 			<groupId>com.mchange</groupId>
 			<artifactId>c3p0</artifactId>
-			<version>0.9.5.3</version>
+			<version>0.9.5.4</version>
 		</dependency>
 		<!-- Apache Tiles -->
 		<dependency>
@@ -261,7 +261,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
+			<version>2.8.11.4</version>
 		</dependency>
 		<!-- Use Mariadb connector -->
 		<dependency>
@@ -285,7 +285,7 @@
 		<dependency>
 			<groupId>org.apache.tomcat</groupId>
 			<artifactId>tomcat-websocket</artifactId>
-			<version>8.0.28</version>
+			<version>8.0.52</version>
 			<scope>provided</scope>
 		</dependency>
 
@@ -344,7 +344,7 @@
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>2.2.0</version>
+			<version>6.8.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
@@ -355,7 +355,7 @@
 		<dependency>
 			<groupId>io.searchbox</groupId>
 			<artifactId>jest</artifactId>
-			<version>2.0.0</version>
+			<version>5.3.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -367,13 +367,13 @@
 		<dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.0-oss</version>
 		</dependency>
 
 	<dependency>
 		<groupId>org.owasp.esapi</groupId>
 		<artifactId>esapi</artifactId>
-		<version>2.1.0.1</version>
+		<version>2.2.0.0</version>
 		<exclusions>
 			<exclusion>
 				<groupId>commons-beanutils</groupId>
@@ -434,7 +434,7 @@
 		<dependency>
 			<groupId>com.thoughtworks.xstream</groupId>
 			<artifactId>xstream</artifactId>
-			<version>1.4.10</version>
+			<version>1.4.11</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.wicket</groupId>
@@ -459,7 +459,7 @@
 		<dependency>
 			<groupId>commons-beanutils</groupId>
 			<artifactId>commons-beanutils</artifactId>
-			<version>1.9.2</version>
+			<version>1.9.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.poi</groupId>
diff --git a/ecomp-sdk/epsdk-domain/pom.xml b/ecomp-sdk/epsdk-domain/pom.xml
index 327e51de..f1b554e3 100644
--- a/ecomp-sdk/epsdk-domain/pom.xml
+++ b/ecomp-sdk/epsdk-domain/pom.xml
@@ -33,7 +33,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
+			<version>2.8.11.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 6c2b283c..1c29ceab 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -17,7 +17,7 @@
 
 	<!-- properties are inherited from parent -->
 	<properties>
-		<resteasy.version>3.0.18.Final</resteasy.version>
+		<resteasy.version>3.1.0.Final</resteasy.version>
 		<powermock.version>1.7.4</powermock.version>
 	</properties>
 	<!-- repositories are inherited from parent -->
@@ -108,12 +108,12 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
+			<version>2.8.11.3</version>
 		</dependency>
 		<dependency>
 			<groupId>org.owasp.esapi</groupId>
 			<artifactId>esapi</artifactId>
-			<version>2.1.0.1</version>
+			<version>2.2.0.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>log4j</groupId>
diff --git a/ecomp-sdk/epsdk-logger/pom.xml b/ecomp-sdk/epsdk-logger/pom.xml
index 3f0f7df0..b7e0b644 100644
--- a/ecomp-sdk/epsdk-logger/pom.xml
+++ b/ecomp-sdk/epsdk-logger/pom.xml
@@ -17,7 +17,7 @@
        <dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
-			<version>1.0.0</version>
+			<version>1.0.0-oss</version>
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index 5c442a91..cfbc41c1 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -18,7 +18,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<springframework.version>4.2.3.RELEASE</springframework.version>
+		<springframework.version>4.3.20.RELEASE</springframework.version>
 		<jersey1.version>1.19.4</jersey1.version>
 		<jaxrs.version>2.0.1</jaxrs.version>
 		<cassandra.version>3.0.0</cassandra.version>
diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml
index 707e1fb1..f08b65f8 100644
--- a/ecomp-sdk/epsdk-workflow/pom.xml
+++ b/ecomp-sdk/epsdk-workflow/pom.xml
@@ -40,7 +40,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
+			<version>2.8.11.4</version>
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
@@ -55,7 +55,7 @@
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-validator</artifactId>
-			<version>5.1.3.Final</version>
+			<version>5.2.1.Final</version>
 		</dependency>
 		<dependency>
 			<groupId>org.json</groupId>
-- 
cgit 1.2.3-korg