diff options
author | Victor Gao <victor.gao@huawei.com> | 2018-11-15 16:31:25 +0800 |
---|---|---|
committer | Victor Gao <victor.gao@huawei.com> | 2018-11-15 16:31:25 +0800 |
commit | 9f1cac89181d9743316c4311c7d0b1e7eda5789e (patch) | |
tree | ddbb81d6a453939ed15ea868ef3048b319d2545d /service/pom.xml | |
parent | 7a97a7c08cfcf2e0670cb42c2e99ee79e8b57c29 (diff) |
Fix vulnerability issue in multivimproxy3.0.1-ONAP3.0.0-ONAP1.2.1
upgrade springframework from 3.x to 4.x
CVE-2016-6812
CVE-2018-1270
CVE-2018-11039
SONATYPE-2015-0002
CVE-2014-3578
CVE-2018-1257
CVE-2017-12624
CVE-2018-8039
Change-Id: I671cf3c3fa29a4d935867d5030d77668a785dd88
Issue-ID: VFC-1187
Signed-off-by: Victor Gao <victor.gao@huawei.com>
Diffstat (limited to 'service/pom.xml')
-rw-r--r-- | service/pom.xml | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/service/pom.xml b/service/pom.xml index 498ff56..da71144 100644 --- a/service/pom.xml +++ b/service/pom.xml @@ -65,10 +65,21 @@ <version>1.3.0</version>
</dependency>
<dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
+ <dependency>
<groupId>net.sf.json-lib</groupId>
<artifactId>json-lib</artifactId>
<version>2.4</version>
<classifier>jdk15</classifier>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- dependency>
<groupId>org.eclipse.jetty.orbit</groupId>
@@ -91,7 +102,7 @@ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>3.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
@@ -138,53 +149,64 @@ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.14.RELEASE</version>
</dependency>
- <dependency>
+ <!--dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-asm</artifactId>
- <version>3.1.0.RELEASE</version>
- </dependency>
+ <version>4.3.18.RELEASE</version>
+ </dependency-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>3.1.17</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>3.1.6</version>
+ <version>3.1.17</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- UT coverage dependency start -->
<dependency>
|