authorvasraz <vasyl.razinkov@est.tech>2022-03-03 11:38:39 +0000
committerVasyl Razinkov <vasyl.razinkov@est.tech>2022-03-03 14:34:04 +0000
commit584dfd7712be7c238ef86c8ea4d009a61b33c75c (patch)
tree1229ad848b21af14057393b4aece114f9e416616
parent3dcbae860f1a4bc8e6596cddc9cb19611d0c3dc7 (diff)
Update vulnerable dependencies
Change-Id: Id1098d2e0aceb3fb507e32994925d36f23ad8517 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3895
-rw-r--r--asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java4
-rw-r--r--catalog-be/pom.xml12
-rw-r--r--catalog-be/src/main/docker/backend/Dockerfile2
-rw-r--r--catalog-fe/pom.xml4
-rw-r--r--catalog-fe/sdc-frontend/Dockerfile2
-rwxr-xr-xcommon/onap-common-configuration-management/onap-configuration-management-core/pom.xml2
-rw-r--r--integration-tests/pom.xml6
-rw-r--r--openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile2
-rw-r--r--pom.xml7
-rw-r--r--utils/webseal-simulator/sdc-simulator/Dockerfile2
10 files changed, 28 insertions, 15 deletions
diff --git a/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java b/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java
index db541a810c..2f7aa0a213 100644
--- a/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java
+++ b/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java
@@ -22,6 +22,7 @@ package org.openecomp.sdc.asdctool;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
+import org.glassfish.jersey.servlet.ServletContainer;
/**
* Hello world!
@@ -34,7 +35,7 @@ public class App {
context.setContextPath("/asdctool");
Server jettyServer = new Server(Integer.valueOf(asdcToolPort));
jettyServer.setHandler(context);
- ServletHolder jerseyServlet = context.addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/*");
+ ServletHolder jerseyServlet = context.addServlet(ServletContainer.class.getName(), "/*");
jerseyServlet.setInitOrder(0);
// Tells the Jersey Servlet which REST service/class to load.
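Review bot: Passing `ServletContainer.class.getName()` to `addServlet` selects the String overload, which drops the compile-time check that the registered class is a servlet. A mismatch between Jersey and the servlet API on the classpath would then surface only when Jetty instantiates the holder at start-up. The class is still imported and referenced, so nothing is decoupled, and the commit does not state why the overload changed. If the Class overload stopped compiling after the dependency update, record that next to the call, e.g. `// String overload on purpose: <reason the Class overload no longer compiles>`. The enclosing method starts and ends outside this hunk.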
@@ -59,4 +60,3 @@ public class App {
}
}
}
-
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 8bf5515d87..8cddf173d6 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -604,14 +604,14 @@
<version>${org.owasp.esapi.version}</version>
<exclusions>
<exclusion>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- </exclusion>
- <exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
</exclusion>
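Review bot: The new `commons-io` exclusion on the ESAPI dependency removes the jar ESAPI was built against, and nothing in this hunk shows where a replacement version comes from. If no other declaration supplies commons-io, ESAPI code paths that use it will fail at runtime with `NoClassDefFoundError`. Exclusions also only hide transitive artifacts: `org.owasp.esapi.version` stays at `2.2.0.0` in the root pom, so it is worth checking whether a newer ESAPI release would make part of this list unnecessary. A short comment above the exclusions, e.g. `<!-- commons-io excluded here; version managed in <module that declares it> -->`, would make the intent auditable. The `<dependency>` element opens before the hunk and closes after it.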
@@ -627,6 +627,10 @@
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/catalog-be/src/main/docker/backend/Dockerfile b/catalog-be/src/main/docker/backend/Dockerfile
index 5e49f57202..902695519b 100644
--- a/catalog-be/src/main/docker/backend/Dockerfile
+++ b/catalog-be/src/main/docker/backend/Dockerfile
@@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
#Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
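Review bot: The Jetty tarball fetched by this `RUN wget` is unpacked without any integrity check, so the image trusts whatever the download returns; HTTPS protects the transport but not the artifact. The same line appears in `catalog-fe/sdc-frontend/Dockerfile`, `openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile` and `utils/webseal-simulator/sdc-simulator/Dockerfile`. Now that the distribution has its own version property, its digest could be pinned next to it and verified before `tar`, e.g. `echo "${jetty-distribution.sha256}  $JETTY_FOLDER/jetty.tar.gz" | sha256sum -c - && \`, where `jetty-distribution.sha256` is a new property (the name is only a suggestion) holding the digest recorded from a verified download.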
diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml
index b1acef904b..e7d6fe65e7 100644
--- a/catalog-fe/pom.xml
+++ b/catalog-fe/pom.xml
@@ -312,6 +312,10 @@
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/catalog-fe/sdc-frontend/Dockerfile b/catalog-fe/sdc-frontend/Dockerfile
index 005e5c9d2b..d0978a9ba8 100644
--- a/catalog-fe/sdc-frontend/Dockerfile
+++ b/catalog-fe/sdc-frontend/Dockerfile
@@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
#Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml
diff --git a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
index 02d96fdbb7..f72b77655f 100755
--- a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
+++ b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml
@@ -89,7 +89,7 @@
<dependency>
<groupId>io.github.classgraph</groupId>
<artifactId>classgraph</artifactId>
- <version>4.8.112</version>
+ <version>4.8.137</version>
</dependency>
<dependency>
<groupId>com.virtlink.commons</groupId>
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 31abb03d84..a2d03a5815 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -333,8 +333,12 @@ limitations under the License.
<scope>test</scope>
<exclusions>
<exclusion>
- <artifactId>log4j</artifactId>
<groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.owasp.esapi</groupId>
+ <artifactId>esapi</artifactId>
</exclusion>
</exclusions>
</dependency>
diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
index 012ebeec52..aa9929c2c4 100644
--- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
+++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile
@@ -27,7 +27,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
#Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml
diff --git a/pom.xml b/pom.xml
index 57affb7922..72d407de72 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,7 @@ Modifications copyright (c) 2018-2019 Nokia
<lang3.version>3.10</lang3.version>
<guava.version>30.1-jre</guava.version>
<janusgraph.version>0.3.3</janusgraph.version>
- <spring.version>5.3.9</spring.version>
+ <spring.version>5.3.13</spring.version>
<jersey-bom.version>2.34</jersey-bom.version>
<netty.version>4.1.68.Final</netty.version>
<servlet-api.version>4.0.1</servlet-api.version>
@@ -74,7 +74,8 @@ Modifications copyright (c) 2018-2019 Nokia
<javax.validation.version>2.0.1.Final</javax.validation.version>
<javax.servlet.version>${servlet-api.version}</javax.servlet.version>
- <jetty.version>9.4.41.v20210516</jetty.version>
+ <jetty.version>9.4.45.v20220203</jetty.version>
+ <jetty-distribution.version>9.4.45.v20220203</jetty-distribution.version>
<cxf.version>3.4.4</cxf.version>
<org.owasp.esapi.version>2.2.0.0</org.owasp.esapi.version>
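Review bot: `jetty.version` and the new `jetty-distribution.version` carry the same literal, so the next security bump has to touch both. A missed one would leave the Docker images on a different Jetty than the libraries the code compiles against. If the two are meant to move together, derive one from the other: `<jetty-distribution.version>${jetty.version}</jetty-distribution.version>`. If they are deliberately decoupled, a one-line comment such as `<!-- jetty-distribution tarball used by the Dockerfiles; may differ from the jetty libraries -->` would tell the next maintainer why.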
@@ -100,7 +101,7 @@ Modifications copyright (c) 2018-2019 Nokia
<!-- Logging start -->
<!-- logback -->
- <logback.version>1.2.7</logback.version>
+ <logback.version>1.2.10</logback.version>
<slf4j-api.version>1.7.25</slf4j-api.version>
<commons-codec>1.15</commons-codec>
<commons-logging>1.2</commons-logging>
diff --git a/utils/webseal-simulator/sdc-simulator/Dockerfile b/utils/webseal-simulator/sdc-simulator/Dockerfile
index 7406cda9f3..6497ff810f 100644
--- a/utils/webseal-simulator/sdc-simulator/Dockerfile
+++ b/utils/webseal-simulator/sdc-simulator/Dockerfile
@@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
#Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml