diff options
author | Sonsino, Ofir (os0695) <os0695@intl.att.com> | 2018-04-03 10:53:27 +0300 |
---|---|---|
committer | Sonsino, Ofir (os0695) <os0695@intl.att.com> | 2018-04-03 10:53:27 +0300 |
commit | 745b4d5681133a94e507db1452b72ca1a2c19446 (patch) | |
tree | 96326be5ac4647d29a8291d2566bf7e32cbf5cc1 | |
parent | a3b6fb9972e3f114e5b6f6c23b0e67e07fb70d1e (diff) |
Fix security issues
Change-Id: I9d003e30920e7cb57143743f260e4ae2a8ba52d6
Issue-ID: VID-149
Signed-off-by: Sonsino, Ofir (os0695) <os0695@intl.att.com>
-rwxr-xr-x | epsdk-app-onap/pom.xml | 54 | ||||
-rw-r--r-- | pom.xml | 27 | ||||
-rwxr-xr-x | vid-app-common/pom.xml | 4 |
3 files changed, 50 insertions, 35 deletions
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml index 646c017f3..e5b88ba3f 100755 --- a/epsdk-app-onap/pom.xml +++ b/epsdk-app-onap/pom.xml @@ -18,7 +18,7 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.1.0</epsdk.version>
- <springframework.version>4.2.4.RELEASE</springframework.version>
+ <springframework.version>4.2.9.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<!-- Skip assembling the zip; assemble via mvn -Dskipassembly=false .. -->
<skipassembly>true</skipassembly>
@@ -272,12 +272,34 @@ <artifactId>epsdk-app-common</artifactId>
<version>${epsdk.version}</version>
<type>jar</type>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!--Upgrade fileupload version-->
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
</dependency>
<dependency>
<groupId>org.onap.vid</groupId>
<artifactId>vid-app-common</artifactId>
<version>${project.version}</version>
<type>war</type>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.vid</groupId>
@@ -291,16 +313,34 @@ <groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-core</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-analytics</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-workflow</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.att.eelf</groupId>
@@ -339,6 +379,12 @@ <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.6.7.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.mchange</groupId>
@@ -366,12 +412,6 @@ <artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
- <!-- Elastic Search -->
- <dependency>
- <groupId>org.elasticsearch</groupId>
- <artifactId>elasticsearch</artifactId>
- <version>2.2.0</version>
- </dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
@@ -260,40 +260,15 @@ <version>1.3.3</version>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
- <version>1.46</version>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.2</version>
- </dependency>
- <dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.15</version>
- </dependency>
- <dependency>
- <groupId>com.thoughtworks.xstream</groupId>
- <artifactId>xstream</artifactId>
- <version>1.4.10</version>
+ <version>3.17</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.3</version>
</dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>2.8.6</version>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
- </dependency>
</dependencies>
<version>1.2.1-SNAPSHOT</version>
</project>
diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml index de0e0d2d0..7a4852280 100755 --- a/vid-app-common/pom.xml +++ b/vid-app-common/pom.xml @@ -19,7 +19,7 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.1.0</epsdk.version>
- <springframework.version>4.2.4.RELEASE</springframework.version>
+ <springframework.version>4.2.9.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<!-- Skip assembling the zip by default -->
<skipassembly>true</skipassembly>
@@ -307,7 +307,7 @@ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
|