From 3c32e16281ac683470a2f7b247b96b72ba7599d3 Mon Sep 17 00:00:00 2001
From: guochuyicmri <guochuyi@chinamobile.com>
Date: Mon, 6 May 2019 23:16:20 +0800
Subject: Fix usecase-ui-server security risk issues

Change-Id: I05720f1b7ad4e81bcfff568e91af7c0c52bb5c98
Issue-ID: USECASEUI-258
Signed-off-by: guochuyicmri <guochuyi@chinamobile.com>
---
 server/pom.xml | 41 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

diff --git a/server/pom.xml b/server/pom.xml
index 16774f9d..8329c87e 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -132,10 +132,6 @@
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-core</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-orm</artifactId>
@@ -163,6 +159,43 @@
             <version>${javax.persistence.version}</version>
         </dependency>
 
+        <!-- security vulnerabilities -->
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <version>9.4.14.v20181114</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.data</groupId>
+            <artifactId>spring-data-rest-webmvc</artifactId>
+            <version>2.6.7.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-expression</artifactId>
+            <version>5.1.5.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.data</groupId>
+            <artifactId>spring-data-commons</artifactId>
+            <version>1.13.18.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>4.3.22.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>4.3.22.RELEASE</version>
+        </dependency>
+
         <!-- commons-csv -->
         <dependency>
             <groupId>org.apache.commons</groupId>
-- 
cgit 1.2.3-korg