From 03c53c05213f0c01b8b9b03025129b9fbe801384 Mon Sep 17 00:00:00 2001
From: "Lo, WEI-TING(wl849v)" <wl849v@att.com>
Date: Tue, 27 Mar 2018 19:24:12 -0400
Subject: Security Vulnerabilities

Issue-ID: PORTAL-155

Includes Security Vulnerabilities and music jar

Change-Id: Id85471555461adf2127db66ed3d4f4a3d5a06fe4
Signed-off-by: Lo, WEI-TING(wl849v) <wl849v@att.com>
---
 ecomp-sdk/epsdk-music/pom.xml | 78 +++++++++++++++++++++++++++----------------
 1 file changed, 49 insertions(+), 29 deletions(-)

(limited to 'ecomp-sdk/epsdk-music/pom.xml')

diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index 3b188176..2c2a7e1b 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -7,7 +7,7 @@
 		<artifactId>epsdk-project</artifactId>
 		<version>2.2.0-SNAPSHOT</version>
 	</parent>
-	
+
 	<groupId>org.onap.portal.sdk</groupId>
 	<artifactId>epsdk-music</artifactId>
 	<version>2.2.0-SNAPSHOT</version>
@@ -18,7 +18,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<springframework.version>4.2.0.RELEASE</springframework.version>
+		<springframework.version>4.2.3.RELEASE</springframework.version>
 		<jersey1.version>1.19.4</jersey1.version>
 		<jaxrs.version>2.0.1</jaxrs.version>
 		<cassandra.version>3.0.0</cassandra.version>
@@ -108,35 +108,45 @@
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
 			<version>1.0.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>ch.qos.logback</groupId>
+					<artifactId>logback-classic</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>ch.qos.logback</groupId>
+					<artifactId>logback-core</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 
 		<!-- Music -->
 		<dependency>
 			<groupId>org.onap.music</groupId>
 			<artifactId>core</artifactId>
-			<version>2.4.4</version>
-		</dependency>  
-		<dependency>
+			<version>2.4.4.1</version>
+		</dependency>
+		<!-- <dependency>
 			<groupId>org.onap.music</groupId>
 			<artifactId>dependency</artifactId>
 			<version>2.4.4</version>
-		</dependency>  
+		</dependency> -->
 
 		<!-- Mapper -->
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.8.10</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.session</groupId>
@@ -148,6 +158,16 @@
 			<artifactId>json</artifactId>
 			<version>20160212</version>
 		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-core</artifactId>
+			<version>1.2.3</version>
+		</dependency>
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<version>1.2.3</version>
+		</dependency>
 	</dependencies>
 	<profiles>
 		<!-- disable doclint, a new feature in Java 8, when generating javadoc -->
@@ -186,26 +206,26 @@
 				</configuration>
 			</plugin>
 			<plugin>
-			<artifactId>maven-assembly-plugin</artifactId>
-			<configuration>
-				<archive>
-					<manifest>
-					</manifest>
-				</archive>
-				<descriptorRefs>
-					<descriptorRef>jar-with-dependencies</descriptorRef>
-				</descriptorRefs>
-			</configuration>
-			<executions>
-				<execution>
-					<id>make-assembly</id> <!-- this is used for inheritance merges -->
-					<phase>package</phase> <!-- bind to the packaging phase -->
-					<goals>
-						<goal>single</goal>
-					</goals>
-				</execution>
-			</executions>
-		</plugin>
+				<artifactId>maven-assembly-plugin</artifactId>
+				<configuration>
+					<archive>
+						<manifest>
+						</manifest>
+					</archive>
+					<descriptorRefs>
+						<descriptorRef>jar-with-dependencies</descriptorRef>
+					</descriptorRefs>
+				</configuration>
+				<executions>
+					<execution>
+						<id>make-assembly</id> <!-- this is used for inheritance merges -->
+						<phase>package</phase> <!-- bind to the packaging phase -->
+						<goals>
+							<goal>single</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 </project>
-- 
cgit 1.2.3-korg