From a48c2efc10c5c011080228ad81005b9029270c8f Mon Sep 17 00:00:00 2001
From: Victor Gao <victor.gao@huawei.com>
Date: Wed, 14 Nov 2018 18:52:10 +0800
Subject: Fix vulnerability issue in driver

CVE-2016-6812
CVE-2018-1270
CVE-2018-11039
SONATYPE-2015-0002
CVE-2014-3578
CVE-2018-1257
CVE-2017-12624
CVE-2018-8039

Change-Id: I59014c277df9bf201bb672a108a82a2deb0ed95b
Issue-ID: VFC-1187
Signed-off-by: Victor Gao <victor.gao@huawei.com>
---
 .../vnfmadapter/VnfmadapterService/service/pom.xml | 48 ++++++++++++++++------
 1 file changed, 35 insertions(+), 13 deletions(-)

(limited to 'huawei/vnfmadapter/VnfmadapterService/service/pom.xml')

diff --git a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml
index ac7e7542..fd614501 100644
--- a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml
+++ b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml
@@ -73,11 +73,22 @@
             <artifactId>com.springsource.org.apache.commons.codec</artifactId>
             <version>1.3.0</version>
         </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
+        </dependency>
         <dependency>
             <groupId>net.sf.json-lib</groupId>
             <artifactId>json-lib</artifactId>
             <version>2.4</version>
             <classifier>jdk15</classifier>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-collections</groupId>
+                    <artifactId>commons-collections</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -106,11 +117,22 @@
             <groupId>org.mariadb.jdbc</groupId>
             <artifactId>mariadb-java-client</artifactId>
             <version>2.2.2</version>
+        </dependency>
+		<dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-transports-http</artifactId>
+            <version>3.1.17</version>
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
-            <version>3.1.6</version>
+            <version>3.1.17</version>
+			<exclusions>
+                <exclusion>
+                    <groupId>org.apache.cxf</groupId>
+                    <artifactId>cxf-rt-transports-http</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.mybatis</groupId>
@@ -126,47 +148,47 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>3.2.14.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
-        <dependency>
+        <!--dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-asm</artifactId>
             <version>3.1.0.RELEASE</version>
-        </dependency>
+        </dependency-->
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-expression</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-jdbc</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
-            <version>3.1.0.RELEASE</version>
+            <version>4.3.18.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
@@ -214,11 +236,11 @@
             <artifactId>commons-httpclient</artifactId>
             <version>3.1</version>
         </dependency>
-        <dependency>
+        <!--dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>3.1.6</version>
-        </dependency>
+        </dependency -->
 
         <!-- UT coverage dependency start -->
         <dependency>
-- 
cgit 1.2.3-korg