diff options
| author |   Amichai Hemli <amichai.hemli@intl.att.com> | 2019-09-16 10:53:47 +0300 |
|---|---|---|
| committer | Amichai Hemli <amichai.hemli@intl.att.com> | 2019-09-16 12:49:06 +0300 |
| commit | 98794615f346c753a94fa5f63f7cbc67792af4c1 (patch) | |
| tree | d33cdb96d417d984988fe000dad22cf3b7eff6fd | |
| parent | 69ea8f5b4c5165b12de7261bfb19625c6dc3d5be (diff) | |
Upgrade FasterXML/Jackson to version 2.9.9.3
FasterXML jackson-databind versions 2.x through 2.9.9.1 are vulnerable.
we will use 2.9.9.3 for jackson-databind only
Issue-ID: VID-640
Signed-off-by: Amichai Hemli <amichai.hemli@intl.att.com>
Change-Id: I537cb83ad787522b75fdee59ffabb51def747096
| -rwxr-xr-x | epsdk-app-onap/pom.xml | 3 | ||||
| -rwxr-xr-x | vid-app-common/pom.xml | 3 | ||||
| -rw-r--r-- | vid-automation/pom.xml | 3 | ||||
| -rw-r--r-- | vid-ext-services-simulator/pom.xml | 5 | ||||
| -rw-r--r-- | vid-webpack-master/pom.xml | 1 |
5 files changed, 9 insertions, 6 deletions
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml index 5cab377c8..f9b55f0e6 100755 --- a/epsdk-app-onap/pom.xml +++ b/epsdk-app-onap/pom.xml @@ -26,6 +26,7 @@ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <epsdk.version>2.5.0</epsdk.version> <jackson.version>2.9.9</jackson.version> + <jackson.databind.version>2.9.9.3</jackson.databind.version> <springframework.version>5.1.9.RELEASE</springframework.version> <!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5: org.springframework.orm.hibernate4.HibernateTransactionManager @@ -337,7 +338,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.version}</version> + <version>${jackson.databind.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.module</groupId> diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml index d78bb2e33..6dbaa98b4 100755 --- a/vid-app-common/pom.xml +++ b/vid-app-common/pom.xml @@ -33,6 +33,7 @@ so following orm.version lets epsdk-core find it --> <hibernate.version>4.3.11.Final</hibernate.version> <jackson.version>2.9.9</jackson.version> + <jackson.databind.version>2.9.9.3</jackson.databind.version> <jersey.version>2.29</jersey.version> <surefire.version>2.22.1</surefire.version> <selenium.version>3.141.59</selenium.version> @@ -617,7 +618,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.version}</version> + <version>${jackson.databind.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.module</groupId> diff --git a/vid-automation/pom.xml b/vid-automation/pom.xml index 81ec4a6d8..6f2ae22c2 100644 --- a/vid-automation/pom.xml +++ b/vid-automation/pom.xml @@ -9,6 +9,7 @@ <springframework.version>5.1.9.RELEASE</springframework.version> <jersey.version>2.29</jersey.version> <jackson.version>2.9.9</jackson.version> + <jackson.databind.version>2.9.9.3</jackson.databind.version> <aspectj.version>1.8.10</aspectj.version> <selenium.version>3.6.0</selenium.version> <log4j.version>2.12.0</log4j.version> @@ -161,7 +162,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.version}</version> + <version>${jackson.databind.version}</version> </dependency> <dependency> <groupId>commons-beanutils</groupId> diff --git a/vid-ext-services-simulator/pom.xml b/vid-ext-services-simulator/pom.xml index 8cb3c37b8..b3179cf5e 100644 --- a/vid-ext-services-simulator/pom.xml +++ b/vid-ext-services-simulator/pom.xml @@ -14,7 +14,8 @@ <encoding>UTF-8</encoding> <springframework.version>5.1.9.RELEASE</springframework.version> <hibernate.version>5.3.4.Final</hibernate.version> - <jackson.version>2.9.8</jackson.version> + <jackson.version>2.9.9</jackson.version> + <jackson.databind.version>2.9.9.3</jackson.databind.version> <!-- Skip assembling the zip by default --> <skipassembly>true</skipassembly> <!-- Tests usually require some setup that maven cannot do, so skip. --> @@ -142,7 +143,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.version}</version> + <version>${jackson.databind.version}</version> </dependency> <dependency> <groupId>javax.xml.bind</groupId> diff --git a/vid-webpack-master/pom.xml b/vid-webpack-master/pom.xml index f54142854..9e7dd0da6 100644 --- a/vid-webpack-master/pom.xml +++ b/vid-webpack-master/pom.xml @@ -18,7 +18,6 @@ <encoding>UTF-8</encoding> <!--<springframework.version>5.1.6.RELEASE</springframework.version>--> <!--<hibernate.version>4.3.11.Final</hibernate.version>--> - <!--<jackson.version>2.6.3</jackson.version>--> <!-- Skip assembling the zip by default --> <skipassembly>true</skipassembly> <!-- Tests usually require some setup that maven cannot do, so skip. --> |