authorvasraz <vasyl.razinkov@est.tech>2020-06-11 17:05:29 +0100
committerOfir Sonsino <ofir.sonsino@intl.att.com>2020-06-15 07:50:00 +0000
commitca685bb55cd192ab58c62663a31f5292697a4182 (patch)
treefe3f78611ab839ab6028cfebb2178ba55136bd93
parentb3acc89be057e65e296992320bf8f36b888e4c3d (diff)
Fix Critical security vulnerability
com.fasterxml.jackson.core : jackson-databind : 2.9.9 Change-Id: I81af7879cb1fbcd158177a3dc220b704ff2f3388 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3111
-rw-r--r--asdctool/pom.xml44
-rw-r--r--catalog-be/pom.xml79
-rw-r--r--catalog-dao/pom.xml6
-rw-r--r--catalog-fe/pom.xml7
-rw-r--r--catalog-model/pom.xml25
-rw-r--r--common-app-api/pom.xml12
-rw-r--r--common-be/pom.xml25
-rwxr-xr-xcommon/onap-common-configuration-management/onap-configuration-management-core/pom.xml6
-rw-r--r--common/onap-tosca-datatype/pom.xml11
-rw-r--r--onboarding/pom.xml7
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/pom.xml13
-rw-r--r--openecomp-be/lib/openecomp-common-lib/pom.xml6
-rw-r--r--pom.xml4
-rw-r--r--test-apis-ci/pom.xml7
-rw-r--r--ui-ci/pom.xml26
-rw-r--r--utils/DmaapPublisher/pom.xml5
16 files changed, 252 insertions, 31 deletions
diff --git a/asdctool/pom.xml b/asdctool/pom.xml
index b685620bab..76cd7b4840 100644
--- a/asdctool/pom.xml
+++ b/asdctool/pom.xml
@@ -48,19 +48,34 @@
<version>${project.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
<dependency>
<groupId>org.openecomp.sdc.be</groupId>
<artifactId>catalog-dao</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.openecomp.sdc.be</groupId>
<artifactId>catalog-model</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
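Review bot: The `jackson-core` exclusions added here on `catalog-dao` and `catalog-model` look redundant, because the same hunk declares `jackson-core` at `${jackson.version}` as a direct dependency and Maven's nearest-wins mediation already prefers a direct declaration over a transitive one. The same exclusion block recurs in the later hunks of this file and in the other module poms, which is a lot to keep in sync. A single `<dependencyManagement>` entry for the Jackson artifacts in the root pom (or an import of `com.fasterxml.jackson:jackson-bom`) would pin every module in one place, transitive paths included. The commit message names `jackson-databind`, while these blocks only target `jackson-core`, so the effective fix is the property bump in the root pom rather than the exclusions. Running `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` per module would confirm that no older Jackson artifact still resolves.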
@@ -74,6 +89,10 @@
<exclusions>
<exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.openecomp.ecompsdkos</groupId>
<artifactId>epsdk-fw</artifactId>
</exclusion>
@@ -296,7 +315,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- Explicitly specified in order to override older version included by epsdk-fw -->
@@ -390,7 +414,12 @@
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- CASSANDRA -->
@@ -437,7 +466,12 @@
<groupId>de.ruedigermoeller</groupId>
<artifactId>fst</artifactId>
<version>2.47</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- testing -->
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 7f34e15c56..47650bd8c7 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -38,17 +38,32 @@
<!--JSON and YAML Parsing-->
<dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -63,6 +78,12 @@
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-jaxrs2</artifactId>
<version>${swagger.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>io.swagger.core.v3</groupId>
@@ -75,7 +96,12 @@
<groupId>org.openecomp.sdc</groupId>
<artifactId>common-app-api</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -95,14 +121,24 @@
<groupId>org.openecomp.sdc.be</groupId>
<artifactId>catalog-dao</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.openecomp.sdc.be</groupId>
<artifactId>catalog-model</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -141,7 +177,12 @@
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-json-jackson</artifactId>
<version>${jersey-bom.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -510,6 +551,10 @@
<groupId>com.att.aft</groupId>
<artifactId>dme2</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -672,6 +717,12 @@
<groupId>org.onap.sdc.common</groupId>
<artifactId>onap-tosca-datatype</artifactId>
<version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
@@ -688,11 +739,17 @@
<artifactId>security-util-lib</artifactId>
<version>${security.util.lib.version}</version>
</dependency>
- <dependency>
- <groupId>org.openecomp.sdc.core</groupId>
- <artifactId>openecomp-tosca-lib</artifactId>
- <version>${project.version}</version>
- </dependency>
+ <dependency>
+ <groupId>org.openecomp.sdc.core</groupId>
+ <artifactId>openecomp-tosca-lib</artifactId>
+ <version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<build>
diff --git a/catalog-dao/pom.xml b/catalog-dao/pom.xml
index ba2ec97c3b..06cb1e81a0 100644
--- a/catalog-dao/pom.xml
+++ b/catalog-dao/pom.xml
@@ -128,6 +128,12 @@ Modifications copyright (c) 2018 Nokia
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
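Review bot: This hunk excludes `jackson-core` from `jackson-databind`, but the catalog-dao diff adds no direct `jackson-core` dependency, unlike asdctool, catalog-be, catalog-model and common-be. `jackson-databind` needs `jackson-core` at runtime, so unless it is declared elsewhere in this pom (not visible in the hunk) the module relies on some other transitive path to supply it, at whatever version that path brings. The same applies to the `jackson-databind` hunks in catalog-fe, common-app-api, onap-configuration-management-core, onboarding, openecomp-common-lib and test-apis-ci. Either drop the exclusion or declare the artifact next to it, as below.

```xml
<!-- … unchanged: jackson-databind dependency with its jackson-core exclusion … -->
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-core</artifactId>
    <version>${jackson.version}</version>
</dependency>
```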
diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml
index 3781bb59e3..60353a8ec3 100644
--- a/catalog-fe/pom.xml
+++ b/catalog-fe/pom.xml
@@ -135,7 +135,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/catalog-model/pom.xml b/catalog-model/pom.xml
index 051313602f..98e8c24d26 100644
--- a/catalog-model/pom.xml
+++ b/catalog-model/pom.xml
@@ -28,6 +28,11 @@
<version>${junitJupiter.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
<!-- Common of SDC -->
<dependency>
@@ -35,6 +40,12 @@
<artifactId>common-app-api</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -70,6 +81,12 @@
<artifactId>catalog-dao</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -315,7 +332,13 @@
<groupId>org.openecomp.sdc.core</groupId>
<artifactId>openecomp-tosca-lib</artifactId>
<version>${project.version}</version>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<build>
diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 210a9b25a6..323bcf822b 100644
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -113,6 +113,12 @@
<artifactId>jersey-media-json-jackson</artifactId>
<version>${jersey-bom.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- Aspects -->
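Review bot: The exclusion added on `jersey-media-json-jackson` names `jackson-annotations`, whereas every other exclusion in this commit names `jackson-core`. If that is deliberate, a one-line XML comment above the `<exclusions>` element stating the reason would help. If it is a copy-paste slip, the line should read `<artifactId>jackson-core</artifactId>`. As written, whatever other Jackson artifacts Jersey brings in transitively are left untouched on this path. The dependency is `provided`-scoped, so the exclusion only shapes the compile and test classpath of common-app-api, not what the container supplies at runtime.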
@@ -142,6 +148,12 @@
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/common-be/pom.xml b/common-be/pom.xml
index f08154f707..2005537798 100644
--- a/common-be/pom.xml
+++ b/common-be/pom.xml
@@ -28,12 +28,23 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+
<!-- Common of SD&C -->
<dependency>
<groupId>org.openecomp.sdc</groupId>
<artifactId>common-app-api</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -68,6 +79,12 @@
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -104,6 +121,12 @@
<groupId>org.onap.sdc.common</groupId>
<artifactId>onap-tosca-datatype</artifactId>
<version>${tosca.datatype.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.sdc.sdc-tosca</groupId>
diff --git a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
index eed797829e..1583aa90d0 100755
--- a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
+++ b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
@@ -48,6 +48,12 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/common/onap-tosca-datatype/pom.xml b/common/onap-tosca-datatype/pom.xml
index 6292c561c1..91b4202b09 100644
--- a/common/onap-tosca-datatype/pom.xml
+++ b/common/onap-tosca-datatype/pom.xml
@@ -61,8 +61,19 @@
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
diff --git a/onboarding/pom.xml b/onboarding/pom.xml
index 7d3f967638..c86cca4ef8 100644
--- a/onboarding/pom.xml
+++ b/onboarding/pom.xml
@@ -91,7 +91,6 @@
<javax.el-api.version>3.0.1-b04</javax.el-api.version>
<javax.inject.version>1</javax.inject.version>
<javax.servlet.version>2.5</javax.servlet.version>
- <jackson.version>2.9.9</jackson.version>
<jackson.annotations.version>${jackson.version}</jackson.annotations.version>
<jackson.dataformat.version>${jackson.version}</jackson.dataformat.version>
<jcommander.version>1.58</jcommander.version>
@@ -236,6 +235,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
index d9370ac6af..9d0c33ee63 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
+++ b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml
@@ -39,8 +39,19 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.9.9</version>
+ <version>${jackson.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/openecomp-be/lib/openecomp-common-lib/pom.xml b/openecomp-be/lib/openecomp-common-lib/pom.xml
index 5a4e78698c..647675f840 100644
--- a/openecomp-be/lib/openecomp-common-lib/pom.xml
+++ b/openecomp-be/lib/openecomp-common-lib/pom.xml
@@ -54,6 +54,12 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.amdocs.zusammen</groupId>
diff --git a/pom.xml b/pom.xml
index 798ab3aabc..6b04d6f89e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,8 +67,8 @@ Modifications copyright (c) 2018-2019 Nokia
<jetty.version>9.4.18.v20190429</jetty.version>
<!-- JSON and YAML Parsing -->
- <jackson.version>2.9.9</jackson.version>
- <jackson-annotations.version>2.9.9</jackson-annotations.version>
+ <jackson.version>2.10.0</jackson.version>
+ <jackson-annotations.version>${jackson.version}</jackson-annotations.version>
<jackson.mapper.version>1.9.13</jackson.mapper.version>
<clearspring.version>2.1.1</clearspring.version>
diff --git a/test-apis-ci/pom.xml b/test-apis-ci/pom.xml
index 1613c476f6..cfe1ac99ed 100644
--- a/test-apis-ci/pom.xml
+++ b/test-apis-ci/pom.xml
@@ -306,7 +306,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/ui-ci/pom.xml b/ui-ci/pom.xml
index da09985cca..4c24d2d5d5 100644
--- a/ui-ci/pom.xml
+++ b/ui-ci/pom.xml
@@ -87,10 +87,21 @@
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.openecomp.sdc</groupId>
<artifactId>test-apis-ci</artifactId>
<version>${project.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -175,7 +186,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
- <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -261,6 +277,12 @@
to browsermob-core -->
<artifactId>browsermob-core</artifactId>
<version>2.1.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/utils/DmaapPublisher/pom.xml b/utils/DmaapPublisher/pom.xml
index b2b013e2a2..1a8cf652c2 100644
--- a/utils/DmaapPublisher/pom.xml
+++ b/utils/DmaapPublisher/pom.xml
@@ -6,11 +6,6 @@
<artifactId>dmaap-publisher</artifactId>
<version>1.0.0</version>
-
- <properties>
- <fasterxml.jackson.version>2.8.6</fasterxml.jackson.version>
- </properties>
-
<dependencies>
<!--JUnit Jupiter Engine to depend on the JUnit5 engine and JUnit 5 API -->
<dependency>