author | vasraz <vasyl.razinkov@est.tech> | 2020-06-11 17:05:29 +0100 |
---|---|---|
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2020-06-15 07:50:00 +0000 |
commit | ca685bb55cd192ab58c62663a31f5292697a4182 (patch) | |
tree | fe3f78611ab839ab6028cfebb2178ba55136bd93 | |
parent | b3acc89be057e65e296992320bf8f36b888e4c3d (diff) |
Fix Critical security vulnerability
com.fasterxml.jackson.core : jackson-databind : 2.9.9
Change-Id: I81af7879cb1fbcd158177a3dc220b704ff2f3388
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3111
-rw-r--r-- | asdctool/pom.xml | 44 | ||||
-rw-r--r-- | catalog-be/pom.xml | 79 | ||||
-rw-r--r-- | catalog-dao/pom.xml | 6 | ||||
-rw-r--r-- | catalog-fe/pom.xml | 7 | ||||
-rw-r--r-- | catalog-model/pom.xml | 25 | ||||
-rw-r--r-- | common-app-api/pom.xml | 12 | ||||
-rw-r--r-- | common-be/pom.xml | 25 | ||||
-rwxr-xr-x | common/onap-common-configuration-management/onap-configuration-management-core/pom.xml | 6 | ||||
-rw-r--r-- | common/onap-tosca-datatype/pom.xml | 11 | ||||
-rw-r--r-- | onboarding/pom.xml | 7 | ||||
-rw-r--r-- | openecomp-be/backend/openecomp-sdc-security-util/pom.xml | 13 | ||||
-rw-r--r-- | openecomp-be/lib/openecomp-common-lib/pom.xml | 6 | ||||
-rw-r--r-- | pom.xml | 4 | ||||
-rw-r--r-- | test-apis-ci/pom.xml | 7 | ||||
-rw-r--r-- | ui-ci/pom.xml | 26 | ||||
-rw-r--r-- | utils/DmaapPublisher/pom.xml | 5 |
16 files changed, 252 insertions, 31 deletions
diff --git a/asdctool/pom.xml b/asdctool/pom.xml index b685620bab..76cd7b4840 100644 --- a/asdctool/pom.xml +++ b/asdctool/pom.xml @@ -48,19 +48,34 @@ <version>${project.version}</version> <scope>compile</scope> </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> <dependency> <groupId>org.openecomp.sdc.be</groupId> <artifactId>catalog-dao</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.openecomp.sdc.be</groupId> <artifactId>catalog-model</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> @@ -74,6 +89,10 @@ <exclusions> <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + <exclusion> <groupId>org.openecomp.ecompsdkos</groupId> <artifactId>epsdk-fw</artifactId> </exclusion> @@ -296,7 +315,12 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <!-- Explicitly specified in order to override older version included by epsdk-fw --> 
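Review bot: In asdctool/pom.xml the `jackson-core` exclusions added under `catalog-dao`, `catalog-model`, `jackson-databind`, `jackson-dataformat-yaml` and `fst` look redundant. The direct `jackson-core` dependency at `${jackson.version}` added in the first hunk is nearer in the tree, so it already wins Maven's version mediation. The same declare-then-exclude pattern repeats in catalog-be, catalog-model, common-be, onap-tosca-datatype, openecomp-sdc-security-util and ui-ci, and each hand-written exclusion has to be kept in sync with the dependency list. Pinning the artifact once under the root pom's `<dependencyManagement>` (`<artifactId>jackson-core</artifactId>` with `<version>${jackson.version}</version>`), backed by the maven-enforcer `dependencyConvergence` rule, would fix the version for every module without per-dependency exclusions. The dependency blocks continue outside the hunks, so an existing managed entry may not be visible here.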
@@ -390,7 +414,12 @@ <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-yaml</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <!-- CASSANDRA --> @@ -437,7 +466,12 @@ <groupId>de.ruedigermoeller</groupId> <artifactId>fst</artifactId> <version>2.47</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <!-- testing --> diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml index 7f34e15c56..47650bd8c7 100644 --- a/catalog-be/pom.xml +++ b/catalog-be/pom.xml @@ -38,17 +38,32 @@ <!--JSON and YAML Parsing--> <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> + <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-yaml</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> 
@@ -63,6 +78,12 @@ <groupId>io.swagger.core.v3</groupId> <artifactId>swagger-jaxrs2</artifactId> <version>${swagger.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>io.swagger.core.v3</groupId> @@ -75,7 +96,12 @@ <groupId>org.openecomp.sdc</groupId> <artifactId>common-app-api</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -95,14 +121,24 @@ <groupId>org.openecomp.sdc.be</groupId> <artifactId>catalog-dao</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.openecomp.sdc.be</groupId> <artifactId>catalog-model</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -141,7 +177,12 @@ <groupId>org.glassfish.jersey.media</groupId> <artifactId>jersey-media-json-jackson</artifactId> <version>${jersey-bom.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -510,6 +551,10 @@ <groupId>com.att.aft</groupId> <artifactId>dme2</artifactId> </exclusion> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> </exclusions> </dependency> <dependency> 
@@ -672,6 +717,12 @@ <groupId>org.onap.sdc.common</groupId> <artifactId>onap-tosca-datatype</artifactId> <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.commons</groupId> @@ -688,11 +739,17 @@ <artifactId>security-util-lib</artifactId> <version>${security.util.lib.version}</version> </dependency> - <dependency> - <groupId>org.openecomp.sdc.core</groupId> - <artifactId>openecomp-tosca-lib</artifactId> - <version>${project.version}</version> - </dependency> + <dependency> + <groupId>org.openecomp.sdc.core</groupId> + <artifactId>openecomp-tosca-lib</artifactId> + <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <build> diff --git a/catalog-dao/pom.xml b/catalog-dao/pom.xml index ba2ec97c3b..06cb1e81a0 100644 --- a/catalog-dao/pom.xml +++ b/catalog-dao/pom.xml @@ -128,6 +128,12 @@ Modifications copyright (c) 2018 Nokia <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml index 3781bb59e3..60353a8ec3 100644 --- a/catalog-fe/pom.xml +++ b/catalog-fe/pom.xml @@ -135,7 +135,12 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> 
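Review bot: The exclusion added to `jackson-databind` in catalog-dao/pom.xml removes that artifact's own required `jackson-core` dependency, and no direct `jackson-core` declaration is visible in the hunk. If nothing else supplies it, the module fails at class-load time. If another transitive path supplies it, the version is whatever that path carries rather than `${jackson.version}`, so the upgraded databind could run against an older core. The same applies to the `jackson-databind` hunks in catalog-fe, common-app-api, onap-configuration-management-core, onboarding, openecomp-common-lib and test-apis-ci. I would either drop the exclusion in those modules or add the explicit `jackson-core` at `${jackson.version}` as the other modules do, then confirm the resolved versions with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core`; the rest of each file is outside the hunks, so a declaration elsewhere may already cover this.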
diff --git a/catalog-model/pom.xml b/catalog-model/pom.xml index 051313602f..98e8c24d26 100644 --- a/catalog-model/pom.xml +++ b/catalog-model/pom.xml @@ -28,6 +28,11 @@ <version>${junitJupiter.version}</version> <scope>test</scope> </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> <!-- Common of SDC --> <dependency> @@ -35,6 +40,12 @@ <artifactId>common-app-api</artifactId> <version>${project.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -70,6 +81,12 @@ <artifactId>catalog-dao</artifactId> <version>${project.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -315,7 +332,13 @@ <groupId>org.openecomp.sdc.core</groupId> <artifactId>openecomp-tosca-lib</artifactId> <version>${project.version}</version> - </dependency> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <build> diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml index 210a9b25a6..323bcf822b 100644 --- a/common-app-api/pom.xml +++ b/common-app-api/pom.xml @@ -113,6 +113,12 @@ <artifactId>jersey-media-json-jackson</artifactId> <version>${jersey-bom.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-annotations</artifactId> + </exclusion> + </exclusions> </dependency> <!-- Aspects --> 
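Review bot: In the first common-app-api/pom.xml hunk the exclusion under `jersey-media-json-jackson` names `jackson-annotations`, while every other exclusion in this commit names `jackson-core`. If that is a slip, the line should read `<artifactId>jackson-core</artifactId>`. If it is intended, a one-line XML comment above the `<exclusions>` element should say why this module excludes annotations rather than core. No direct `jackson-annotations` declaration is visible in the hunk, so it is worth checking which version the module resolves after this change.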
@@ -142,6 +148,12 @@ <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/common-be/pom.xml b/common-be/pom.xml index f08154f707..2005537798 100644 --- a/common-be/pom.xml +++ b/common-be/pom.xml @@ -28,12 +28,23 @@ <scope>test</scope> </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> + <!-- Common of SD&C --> <dependency> <groupId>org.openecomp.sdc</groupId> <artifactId>common-app-api</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -68,6 +79,12 @@ <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> <scope>provided</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -104,6 +121,12 @@ <groupId>org.onap.sdc.common</groupId> <artifactId>onap-tosca-datatype</artifactId> <version>${tosca.datatype.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.onap.sdc.sdc-tosca</groupId> diff --git a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml index eed797829e..1583aa90d0 100755 --- a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml 
+++ b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml @@ -48,6 +48,12 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> diff --git a/common/onap-tosca-datatype/pom.xml b/common/onap-tosca-datatype/pom.xml index 6292c561c1..91b4202b09 100644 --- a/common/onap-tosca-datatype/pom.xml +++ b/common/onap-tosca-datatype/pom.xml @@ -61,8 +61,19 @@ </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.mockito</groupId> diff --git a/onboarding/pom.xml b/onboarding/pom.xml index 7d3f967638..c86cca4ef8 100644 --- a/onboarding/pom.xml +++ b/onboarding/pom.xml @@ -91,7 +91,6 @@ <javax.el-api.version>3.0.1-b04</javax.el-api.version> <javax.inject.version>1</javax.inject.version> <javax.servlet.version>2.5</javax.servlet.version> - <jackson.version>2.9.9</jackson.version> <jackson.annotations.version>${jackson.version}</jackson.annotations.version> <jackson.dataformat.version>${jackson.version}</jackson.dataformat.version> <jcommander.version>1.58</jcommander.version> 
@@ -236,6 +235,12 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> diff --git a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml index d9370ac6af..9d0c33ee63 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/pom.xml +++ b/openecomp-be/backend/openecomp-sdc-security-util/pom.xml @@ -39,8 +39,19 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.9.9</version> + <version>${jackson.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/openecomp-be/lib/openecomp-common-lib/pom.xml b/openecomp-be/lib/openecomp-common-lib/pom.xml index 5a4e78698c..647675f840 100644 --- a/openecomp-be/lib/openecomp-common-lib/pom.xml +++ b/openecomp-be/lib/openecomp-common-lib/pom.xml @@ -54,6 +54,12 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.amdocs.zusammen</groupId> 
@@ -67,8 +67,8 @@ Modifications copyright (c) 2018-2019 Nokia <jetty.version>9.4.18.v20190429</jetty.version> <!-- JSON and YAML Parsing --> - <jackson.version>2.9.9</jackson.version> - <jackson-annotations.version>2.9.9</jackson-annotations.version> + <jackson.version>2.10.0</jackson.version> + <jackson-annotations.version>${jackson.version}</jackson-annotations.version> <jackson.mapper.version>1.9.13</jackson.mapper.version> <clearspring.version>2.1.1</clearspring.version> diff --git a/test-apis-ci/pom.xml b/test-apis-ci/pom.xml index 1613c476f6..cfe1ac99ed 100644 --- a/test-apis-ci/pom.xml +++ b/test-apis-ci/pom.xml @@ -306,7 +306,12 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/ui-ci/pom.xml b/ui-ci/pom.xml index da09985cca..4c24d2d5d5 100644 --- a/ui-ci/pom.xml +++ b/ui-ci/pom.xml @@ -87,10 +87,21 @@ </dependency> <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>${jackson.version}</version> + </dependency> + + <dependency> <groupId>org.openecomp.sdc</groupId> <artifactId>test-apis-ci</artifactId> <version>${project.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -175,7 +186,12 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> - <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> 
@@ -261,6 +277,12 @@ to browsermob-core --> <artifactId>browsermob-core</artifactId> <version>2.1.4</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/utils/DmaapPublisher/pom.xml b/utils/DmaapPublisher/pom.xml index b2b013e2a2..1a8cf652c2 100644 --- a/utils/DmaapPublisher/pom.xml +++ b/utils/DmaapPublisher/pom.xml @@ -6,11 +6,6 @@ <artifactId>dmaap-publisher</artifactId> <version>1.0.0</version> - - <properties> - <fasterxml.jackson.version>2.8.6</fasterxml.jackson.version> - </properties> - <dependencies> <!--JUnit Jupiter Engine to depend on the JUnit5 engine and JUnit 5 API --> <dependency> |