summaryrefslogtreecommitdiffstats
path: root/vnfmarket-be
diff options
context:
space:
mode:
authorjitendra sharma <jitendra.sharma1@huawei.com>2020-02-24 13:47:09 +0000
committerjitendra sharma <jitendra.sharma1@huawei.com>2020-02-26 06:00:23 +0000
commitc2e0253ec2bcc67197e56f67154d8c7fd455c825 (patch)
tree0d3e8c5c3a7797e919711e5b642cc754821c3b4b /vnfmarket-be
parentf01da39ed3cdc06003bc6d28c57fd9a6cfab3efb (diff)
Change dependency version for commons-codec and jetty
Issue-ID: VNFSDK-507 Signed-off-by: jitendra sharma <jitendra.sharma1@huawei.com> Change-Id: I84c98b45f84083bc765fd9205d33cb51dc9f5639
Diffstat (limited to 'vnfmarket-be')
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/pom.xml35
1 files changed, 31 insertions, 4 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
index 327bd2de..cddf21c7 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@ -70,32 +70,59 @@
<version>1.5.19</version>
</dependency>
<!-- jersey -->
-
+<!-- excluded jetty-util and added invulnerable version -->
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-jetty-servlet</artifactId>
<version>2.24.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+<!-- commons-codec excluded due to Security Issues:- Sonatype-2012-0050
+ and added invulnerable commons-codec-1.13 -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
<version>4.5.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.13</version>
</dependency>
<!-- jetty -->
+<!-- Updated jetty-util,jetty-http,jetty-servlet and jetty-server
+due to Security Issues:- CVE-2019-10241,CVE-2019-10247,CVE-2019-10246
+-->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <version>9.4.20.v20190813</version>
</dependency>
<!-- consumer -->
<dependency>