summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmichai Hemli <amichai.hemli@intl.att.com>2019-09-16 10:53:47 +0300
committerAmichai Hemli <amichai.hemli@intl.att.com>2019-09-16 12:49:06 +0300
commit98794615f346c753a94fa5f63f7cbc67792af4c1 (patch)
treed33cdb96d417d984988fe000dad22cf3b7eff6fd
parent69ea8f5b4c5165b12de7261bfb19625c6dc3d5be (diff)
Upgrade FasterXML/Jackson to version 2.9.9.3
FasterXML jackson-databind versions 2.x through 2.9.9.1 are vulnerable. we will use 2.9.9.3 for jackson-databind only Issue-ID: VID-640 Signed-off-by: Amichai Hemli <amichai.hemli@intl.att.com> Change-Id: I537cb83ad787522b75fdee59ffabb51def747096
-rwxr-xr-xepsdk-app-onap/pom.xml3
-rwxr-xr-xvid-app-common/pom.xml3
-rw-r--r--vid-automation/pom.xml3
-rw-r--r--vid-ext-services-simulator/pom.xml5
-rw-r--r--vid-webpack-master/pom.xml1
5 files changed, 9 insertions, 6 deletions
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index 5cab377c8..f9b55f0e6 100755
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -26,6 +26,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.5.0</epsdk.version>
<jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.3</jackson.databind.version>
<springframework.version>5.1.9.RELEASE</springframework.version>
<!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5:
org.springframework.orm.hibernate4.HibernateTransactionManager
@@ -337,7 +338,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml
index d78bb2e33..6dbaa98b4 100755
--- a/vid-app-common/pom.xml
+++ b/vid-app-common/pom.xml
@@ -33,6 +33,7 @@
so following orm.version lets epsdk-core find it -->
<hibernate.version>4.3.11.Final</hibernate.version>
<jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.3</jackson.databind.version>
<jersey.version>2.29</jersey.version>
<surefire.version>2.22.1</surefire.version>
<selenium.version>3.141.59</selenium.version>
@@ -617,7 +618,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
diff --git a/vid-automation/pom.xml b/vid-automation/pom.xml
index 81ec4a6d8..6f2ae22c2 100644
--- a/vid-automation/pom.xml
+++ b/vid-automation/pom.xml
@@ -9,6 +9,7 @@
<springframework.version>5.1.9.RELEASE</springframework.version>
<jersey.version>2.29</jersey.version>
<jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.3</jackson.databind.version>
<aspectj.version>1.8.10</aspectj.version>
<selenium.version>3.6.0</selenium.version>
<log4j.version>2.12.0</log4j.version>
@@ -161,7 +162,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
diff --git a/vid-ext-services-simulator/pom.xml b/vid-ext-services-simulator/pom.xml
index 8cb3c37b8..b3179cf5e 100644
--- a/vid-ext-services-simulator/pom.xml
+++ b/vid-ext-services-simulator/pom.xml
@@ -14,7 +14,8 @@
<encoding>UTF-8</encoding>
<springframework.version>5.1.9.RELEASE</springframework.version>
<hibernate.version>5.3.4.Final</hibernate.version>
- <jackson.version>2.9.8</jackson.version>
+ <jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.3</jackson.databind.version>
<!-- Skip assembling the zip by default -->
<skipassembly>true</skipassembly>
<!-- Tests usually require some setup that maven cannot do, so skip. -->
@@ -142,7 +143,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
diff --git a/vid-webpack-master/pom.xml b/vid-webpack-master/pom.xml
index f54142854..9e7dd0da6 100644
--- a/vid-webpack-master/pom.xml
+++ b/vid-webpack-master/pom.xml
@@ -18,7 +18,6 @@
<encoding>UTF-8</encoding>
<!--<springframework.version>5.1.6.RELEASE</springframework.version>-->
<!--<hibernate.version>4.3.11.Final</hibernate.version>-->
- <!--<jackson.version>2.6.3</jackson.version>-->
<!-- Skip assembling the zip by default -->
<skipassembly>true</skipassembly>
<!-- Tests usually require some setup that maven cannot do, so skip. -->