Fix security risk issues

Change-Id: I28ad841d4b9cd0f9c423c5899bb292c970e34e5e Issue-ID: USECASEUI-258 Signed-off-by: guochuyicmri <guochuyi@chinamobile.com>
author: guochuyicmri <guochuyi@chinamobile.com> 2019-04-29 16:39:14 +0800
committer: guochuyicmri <guochuyi@chinamobile.com> 2019-04-29 16:39:16 +0800
commit: 19256996b420af4070bb38d757ce961512d985b5 (patch)
tree: cc68e759a5d735cba4a53cac63e67c19439963c8
parent: 29ef073b595f1c1265072e0afc20a1fa7c411478 (diff)
1 files changed, 50 insertions, 30 deletions
diff --git a/server/pom.xml b/server/pom.xml
index 74a63043..0878fcfd 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -15,14 +15,14 @@
     limitations under the License.
  -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	
-	<parent>
+
+    <parent>
         <groupId>org.onap.usecase-ui.server</groupId>
         <artifactId>usecase-ui-server-parent</artifactId>
         <version>1.3.0-SNAPSHOT</version>
     </parent>
-    
-	<modelVersion>4.0.0</modelVersion>
+
+    <modelVersion>4.0.0</modelVersion>
     <groupId>org.onap.usecase-ui.server</groupId>
     <artifactId>usecase-ui-server</artifactId>
     <version>1.3.0-SNAPSHOT</version>
@@ -38,7 +38,7 @@
         <spring.version>4.3.4.RELEASE</spring.version>
         <javax.persistence.version>1.0.2</javax.persistence.version>
         <common.csv.version>1.4</common.csv.version>
-        <jackson.version>2.9.0</jackson.version>
+        <jackson.version>2.9.8</jackson.version>
     </properties>
 
     <dependencyManagement>
@@ -72,20 +72,20 @@
             <artifactId>spring-boot-starter-data-rest</artifactId>
         </dependency>
         <dependency>
-			<groupId>org.elasticsearch.client</groupId>
-			<artifactId>elasticsearch-rest-high-level-client</artifactId>
-			<version>6.6.0</version>
-			 <exclusions>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+            <version>6.6.0</version>
+            <exclusions>
                 <exclusion>
                     <groupId>org.elasticsearch</groupId>
                     <artifactId>elasticsearch</artifactId>
                 </exclusion>
-              </exclusions>
-		</dependency>
-		 <dependency>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.elasticsearch</groupId>
             <artifactId>elasticsearch</artifactId>
-            <version>6.6.0</version>
+            <version>6.6.1</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.data</groupId>
@@ -99,18 +99,18 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-		<!-- postgresql  dependency-->
-		<dependency>
-  			<groupId>postgresql</groupId>
-  			<artifactId>postgresql</artifactId>
-  			<version>9.1-901-1.jdbc4</version>
-		</dependency>
-		
-		<dependency>
-  			<groupId>org.postgresql</groupId>
-  			<artifactId>postgresql</artifactId>
-  			<scope>runtime</scope>
-  		</dependency>
+        <!-- postgresql  dependency-->
+        <dependency>
+            <groupId>postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>8.2-511.jdbc3</version>
+        </dependency>
+
+        <dependency>
+              <groupId>org.postgresql</groupId>
+              <artifactId>postgresql</artifactId>
+              <scope>runtime</scope>
+          </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
@@ -218,12 +218,12 @@
             <artifactId>fastjson</artifactId>
             <version>1.2.29</version>
         </dependency>
-        
+
         <dependency>
-		    <groupId>com.alibaba</groupId>
-		    <artifactId>dubbo</artifactId>
-		    <version>2.6.5</version>
-		</dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>dubbo</artifactId>
+            <version>2.6.5</version>
+        </dependency>
         <dependency>
             <groupId>org.openecomp.sdc.jtosca</groupId>
             <artifactId>jtosca</artifactId>
@@ -284,6 +284,17 @@
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
                 <configuration>
+                    <layout>ZIP</layout>
+                    <excludeGroupIds>
+                        org.eclipse.jetty
+                        dom4j
+                    </excludeGroupIds>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
                     <executable>true</executable>
                 </configuration>
                 <executions>
@@ -326,6 +337,15 @@
                 </configuration>
             </plugin>
         </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <excludes>
+                    <exclude>*</exclude>
+                </excludes>
+                <filtering>true</filtering>
+            </resource>
+        </resources>
     </build>
 
     <repositories>
author	guochuyicmri <guochuyi@chinamobile.com>	2019-04-29 16:39:14 +0800
committer	guochuyicmri <guochuyi@chinamobile.com>	2019-04-29 16:39:16 +0800
commit	19256996b420af4070bb38d757ce961512d985b5 (patch)
tree	cc68e759a5d735cba4a53cac63e67c19439963c8
parent	29ef073b595f1c1265072e0afc20a1fa7c411478 (diff)