From ca685bb55cd192ab58c62663a31f5292697a4182 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Thu, 11 Jun 2020 17:05:29 +0100
Subject: Fix Critical security vulnerability

com.fasterxml.jackson.core : jackson-databind : 2.9.9

Change-Id: I81af7879cb1fbcd158177a3dc220b704ff2f3388
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3111
---
 asdctool/pom.xml | 44 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

(limited to 'asdctool/pom.xml')

diff --git a/asdctool/pom.xml b/asdctool/pom.xml
index b685620bab..76cd7b4840 100644
--- a/asdctool/pom.xml
+++ b/asdctool/pom.xml
@@ -48,19 +48,34 @@
       <version>${project.version}</version>
       <scope>compile</scope>
     </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-core</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
 
     <dependency>
       <groupId>org.openecomp.sdc.be</groupId>
       <artifactId>catalog-dao</artifactId>
       <version>${project.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
       <groupId>org.openecomp.sdc.be</groupId>
       <artifactId>catalog-model</artifactId>
       <version>${project.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
 
@@ -73,6 +88,10 @@
       <classifier>classes</classifier>
 
       <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.openecomp.ecompsdkos</groupId>
           <artifactId>epsdk-fw</artifactId>
@@ -296,7 +315,12 @@
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
       <version>${jackson.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- Explicitly specified in order to override older version included by epsdk-fw -->
@@ -390,7 +414,12 @@
       <groupId>com.fasterxml.jackson.dataformat</groupId>
       <artifactId>jackson-dataformat-yaml</artifactId>
       <version>${jackson.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- CASSANDRA -->
@@ -437,7 +466,12 @@
       <groupId>de.ruedigermoeller</groupId>
       <artifactId>fst</artifactId>
       <version>2.47</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- testing -->
-- 
cgit 1.2.3-korg