From 03c53c05213f0c01b8b9b03025129b9fbe801384 Mon Sep 17 00:00:00 2001
From: "Lo, WEI-TING(wl849v)" <wl849v@att.com>
Date: Tue, 27 Mar 2018 19:24:12 -0400
Subject: Security Vulnerabilities

Issue-ID: PORTAL-155

Includes Security Vulnerabilities and music jar

Change-Id: Id85471555461adf2127db66ed3d4f4a3d5a06fe4
Signed-off-by: Lo, WEI-TING(wl849v) <wl849v@att.com>
---
 ecomp-sdk/epsdk-app-common/pom.xml | 93 +++++++++++---------------------------
 1 file changed, 27 insertions(+), 66 deletions(-)

(limited to 'ecomp-sdk/epsdk-app-common')

diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index e9eec2ac..6e4f9e19 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -172,6 +172,12 @@
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
 			<version>2.2.0</version>
+			<exclusions> 
+				<exclusion> 
+					<groupId>org.apache.lucene</groupId> 
+					<artifactId>lucene-queryparser</artifactId> 
+				</exclusion> 
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.json</groupId>
@@ -245,6 +251,14 @@
         	<groupId>commons-httpclient</groupId>
             <artifactId>commons-httpclient</artifactId>
 		</exclusion>
+		<exclusion> 
+        	<groupId>xerces</groupId> 
+            <artifactId>xercesImpl</artifactId> 
+		</exclusion> 
+        <exclusion> 
+        	<groupId>commons-collections</groupId> 
+            <artifactId>commons-collections</artifactId> 
+		</exclusion>
         </exclusions>
 	</dependency>
 	<!-- Jacoco for offline instrumentation -->
@@ -254,11 +268,7 @@
 			<version>${jacoco.version}</version>
 			<classifier>runtime</classifier>
 		</dependency>
-		<dependency>
-    		<groupId>org.apache.lucene</groupId>
-    		<artifactId>lucene-queryparser</artifactId>
-    		<version>7.2.1</version>
-		</dependency>
+
 		<dependency>
     		<groupId>com.thoughtworks.xstream</groupId>
     		<artifactId>xstream</artifactId>
@@ -287,68 +297,9 @@
 		<dependency>
     		<groupId>commons-beanutils</groupId>
     		<artifactId>commons-beanutils</artifactId>
-    		<version>1.9.2</version>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.poi</groupId>
-			<artifactId>poi</artifactId>
-			<version>3.17</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>log4j</groupId>
-					<artifactId>log4j</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.poi</groupId>
-			<artifactId>poi-ooxml</artifactId>
-			<version>3.17</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>log4j</groupId>
-					<artifactId>log4j</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.poi</groupId>
-			<artifactId>poi-scratchpad</artifactId>
-			<version>3.17</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>log4j</groupId>
-					<artifactId>log4j</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.poi</groupId>
-			<artifactId>poi-contrib</artifactId>
-			<version>3.5-FINAL</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>log4j</groupId>
-					<artifactId>log4j</artifactId>
-				</exclusion>
-			</exclusions>
+    		<version>1.9.3</version>
 		</dependency>
+		
 		<dependency>
 			<groupId>org.apache.httpcomponents</groupId>
 			<artifactId>httpclient</artifactId>
@@ -359,5 +310,15 @@
     		<artifactId>xalan</artifactId>
     		<version>2.7.2</version>
 		</dependency>	
+		<dependency> 
+    		<groupId>xerces</groupId> 
+    		<artifactId>xercesImpl</artifactId> 
+    		<version>2.11.0.SP5</version> 
+		</dependency> 
+		<dependency> 
+    		<groupId>commons-collections</groupId> 
+    		<artifactId>commons-collections</artifactId> 
+    		<version>3.2.2</version> 
+		</dependency>
 	</dependencies>
 </project>
-- 
cgit 1.2.3-korg