From 91958f3b09ac4883d393d9cfb04ddcb0baa1d134 Mon Sep 17 00:00:00 2001 From: Victor Gao Date: Thu, 15 Nov 2018 15:44:17 +0800 Subject: Fix vulnerability issue in resmgr upgrade springframework from 3.x to 4.x CVE-2016-6812 CVE-2018-1270 CVE-2018-11039 SONATYPE-2015-0002 CVE-2014-3578 CVE-2018-1257 CVE-2017-12624 CVE-2018-8039 Change-Id: I59014c277df9bf201bb672a108a82a2deb0ed95b Issue-ID: VFC-1187 Signed-off-by: Victor Gao (cherry picked from commit ea18924cd5505f5e36ea58e7424db54c41db4605) --- ResmanagementService/service/pom.xml | 35 ++++++++----- .../activator/ROAResmgrServicePostProcessor.java | 59 ---------------------- .../resources/spring/Resmanagement/services.xml | 2 +- .../spring/Resmanagement/svc_register.xml | 2 +- 4 files changed, 25 insertions(+), 73 deletions(-) delete mode 100644 ResmanagementService/service/src/main/java/org/onap/vfc/nfvo/resmanagement/service/activator/ROAResmgrServicePostProcessor.java diff --git a/ResmanagementService/service/pom.xml b/ResmanagementService/service/pom.xml index 3e043b7..7571b8f 100644 --- a/ResmanagementService/service/pom.xml +++ b/ResmanagementService/service/pom.xml @@ -104,7 +104,7 @@ org.springframework spring-tx - 3.1.0.RELEASE + 3.1.2.RELEASE org.mybatis @@ -151,53 +151,64 @@ org.springframework spring-core - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-aop - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-beans - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-context - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-jdbc - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-web 3.2.14.RELEASE - + org.springframework spring-expression - 3.1.0.RELEASE + 4.3.18.RELEASE org.springframework spring-test - 3.1.0.RELEASE + 4.3.18.RELEASE + + org.apache.cxf + cxf-rt-transports-http + 3.1.17 + org.apache.cxf cxf-rt-frontend-jaxrs - 3.1.6 + 3.1.17 + + + org.apache.cxf + cxf-rt-transports-http + + diff --git a/ResmanagementService/service/src/main/java/org/onap/vfc/nfvo/resmanagement/service/activator/ROAResmgrServicePostProcessor.java b/ResmanagementService/service/src/main/java/org/onap/vfc/nfvo/resmanagement/service/activator/ROAResmgrServicePostProcessor.java deleted file mode 100644 index 300ee7d..0000000 --- a/ResmanagementService/service/src/main/java/org/onap/vfc/nfvo/resmanagement/service/activator/ROAResmgrServicePostProcessor.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.vfc.nfvo.resmanagement.service.activator; - -import org.onap.vfc.nfvo.resmanagement.service.adapter.inf.IResmgrAdapterMgrService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.DestructionAwareBeanPostProcessor; - -/** - *
- *

- *

- * - * @author - * @version VFC 1.0 Sep 22, 2016 - */ -public class ROAResmgrServicePostProcessor implements DestructionAwareBeanPostProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(ROAResmgrServicePostProcessor.class); - - @Override - public Object postProcessAfterInitialization(Object bean, String name) throws BeansException { - if(bean instanceof IResmgrAdapterMgrService) { - LOG.warn("Register to Microservice BUS!"); - IResmgrAdapterMgrService resmgrAdapterSvc = (IResmgrAdapterMgrService)bean; - resmgrAdapterSvc.register(); - } - - return bean; - } - - @Override - public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException { - LOG.info("postProcessBeforeInitialization"); - return bean; - } - - @Override - public void postProcessBeforeDestruction(Object bean, String name) throws BeansException { - LOG.info("postProcessBeforeDestruction"); - } - -} diff --git a/ResmanagementService/service/src/main/resources/spring/Resmanagement/services.xml b/ResmanagementService/service/src/main/resources/spring/Resmanagement/services.xml index e60bf19..db1eccb 100644 --- a/ResmanagementService/service/src/main/resources/spring/Resmanagement/services.xml +++ b/ResmanagementService/service/src/main/resources/spring/Resmanagement/services.xml @@ -35,7 +35,7 @@ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/aop - http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> + http://www.springframework.org/schema/aop/spring-aop.xsd"> diff --git a/ResmanagementService/service/src/main/resources/spring/Resmanagement/svc_register.xml b/ResmanagementService/service/src/main/resources/spring/Resmanagement/svc_register.xml index 1306e39..e17d2d2 100644 --- a/ResmanagementService/service/src/main/resources/spring/Resmanagement/svc_register.xml +++ b/ResmanagementService/service/src/main/resources/spring/Resmanagement/svc_register.xml @@ -36,7 +36,7 @@ http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd - http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> + http://www.springframework.org/schema/aop/spring-aop.xsd">