From 9f1cac89181d9743316c4311c7d0b1e7eda5789e Mon Sep 17 00:00:00 2001 From: Victor Gao Date: Thu, 15 Nov 2018 16:31:25 +0800 Subject: Fix vulnerability issue in multivimproxy upgrade springframework from 3.x to 4.x CVE-2016-6812 CVE-2018-1270 CVE-2018-11039 SONATYPE-2015-0002 CVE-2014-3578 CVE-2018-1257 CVE-2017-12624 CVE-2018-8039 Change-Id: I671cf3c3fa29a4d935867d5030d77668a785dd88 Issue-ID: VFC-1187 Signed-off-by: Victor Gao --- service/pom.xml | 46 ++++++++++++----- .../ROAMultivimProxyServicePostProcessor.java | 60 ---------------------- .../resources/spring/multivimproxy/services.xml | 2 +- 3 files changed, 35 insertions(+), 73 deletions(-) delete mode 100644 service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/activator/ROAMultivimProxyServicePostProcessor.java diff --git a/service/pom.xml b/service/pom.xml index 498ff56..da71144 100644 --- a/service/pom.xml +++ b/service/pom.xml @@ -64,11 +64,22 @@ com.springsource.org.apache.commons.codec 1.3.0 + + commons-collections + commons-collections + 3.2.2 + net.sf.json-lib json-lib 2.4 jdk15 + + + commons-collections + commons-collections + + org.springframework spring-expression - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-test - 3.1.0.RELEASE + 4.3.18.RELEASE + + org.apache.cxf + cxf-rt-transports-http + 3.1.17 + org.apache.cxf cxf-rt-frontend-jaxrs - 3.1.6 + 3.1.17 + + + org.apache.cxf + cxf-rt-transports-http + + diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/activator/ROAMultivimProxyServicePostProcessor.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/activator/ROAMultivimProxyServicePostProcessor.java deleted file mode 100644 index fd3f1bc..0000000 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/activator/ROAMultivimProxyServicePostProcessor.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.vfc.nfvo.multivimproxy.service.activator; - -import org.onap.vfc.nfvo.multivimproxy.service.adapter.inf.IMultivimProxyAdapterMgrService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.DestructionAwareBeanPostProcessor; - -/** - *
- *

- *

- * - * @author - * @version VFC 1.0 Sep 22, 2016 - */ -public class ROAMultivimProxyServicePostProcessor implements DestructionAwareBeanPostProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(ROAMultivimProxyServicePostProcessor.class); - - @Override - public Object postProcessAfterInitialization(Object bean, String name) throws BeansException { - if(bean instanceof IMultivimProxyAdapterMgrService) { - LOG.warn("Register to Microservice BUS!"); - IMultivimProxyAdapterMgrService proxyAdapterSvc = (IMultivimProxyAdapterMgrService)bean; - proxyAdapterSvc.register(); - } - - return bean; - } - - @Override - public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException { - // TODO Auto-generated method stub - return bean; - } - - @Override - public void postProcessBeforeDestruction(Object bean, String name) throws BeansException { - // TODO Auto-generated method stub - - } - -} diff --git a/service/src/main/resources/spring/multivimproxy/services.xml b/service/src/main/resources/spring/multivimproxy/services.xml index 135b1d9..33bdb01 100644 --- a/service/src/main/resources/spring/multivimproxy/services.xml +++ b/service/src/main/resources/spring/multivimproxy/services.xml @@ -35,7 +35,7 @@ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/aop - http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> + http://www.springframework.org/schema/aop/spring-aop.xsd"> -- cgit 1.2.3-korg