summaryrefslogtreecommitdiffstats
path: root/service/pom.xml
diff options
context:
space:
mode:
authorVictor Gao <victor.gao@huawei.com>2018-11-15 16:31:25 +0800
committerVictor Gao <victor.gao@huawei.com>2018-11-15 16:31:25 +0800
commit9f1cac89181d9743316c4311c7d0b1e7eda5789e (patch)
treeddbb81d6a453939ed15ea868ef3048b319d2545d /service/pom.xml
parent7a97a7c08cfcf2e0670cb42c2e99ee79e8b57c29 (diff)
Fix vulnerability issue in multivimproxy3.0.1-ONAP3.0.0-ONAP1.2.1
upgrade springframework from 3.x to 4.x CVE-2016-6812 CVE-2018-1270 CVE-2018-11039 SONATYPE-2015-0002 CVE-2014-3578 CVE-2018-1257 CVE-2017-12624 CVE-2018-8039 Change-Id: I671cf3c3fa29a4d935867d5030d77668a785dd88 Issue-ID: VFC-1187 Signed-off-by: Victor Gao <victor.gao@huawei.com>
Diffstat (limited to 'service/pom.xml')
-rw-r--r--service/pom.xml46
1 files changed, 34 insertions, 12 deletions
diff --git a/service/pom.xml b/service/pom.xml
index 498ff56..da71144 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -65,10 +65,21 @@
<version>1.3.0</version>
</dependency>
<dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
+ <dependency>
<groupId>net.sf.json-lib</groupId>
<artifactId>json-lib</artifactId>
<version>2.4</version>
<classifier>jdk15</classifier>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- dependency>
<groupId>org.eclipse.jetty.orbit</groupId>
@@ -91,7 +102,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>3.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
@@ -138,53 +149,64 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.14.RELEASE</version>
</dependency>
- <dependency>
+ <!--dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-asm</artifactId>
- <version>3.1.0.RELEASE</version>
- </dependency>
+ <version>4.3.18.RELEASE</version>
+ </dependency-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
- <version>3.1.0.RELEASE</version>
+ <version>4.3.18.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>3.1.17</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
- <version>3.1.6</version>
+ <version>3.1.17</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- UT coverage dependency start -->
<dependency>