summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/pom.xml35
1 files changed, 31 insertions, 4 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
index 327bd2de..cddf21c7 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@ -70,32 +70,59 @@
<version>1.5.19</version>
</dependency>
<!-- jersey -->
-
+<!-- excluded jetty-util and added invulnerable version -->
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-jetty-servlet</artifactId>
<version>2.24.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+<!-- commons-codec excluded due to Security Issues:- Sonatype-2012-0050
+ and added invulnerable commons-codec-1.13 -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
<version>4.5.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.13</version>
</dependency>
<!-- jetty -->
+<!-- Updated jetty-util,jetty-http,jetty-servlet and jetty-server
+due to Security Issues:- CVE-2019-10241,CVE-2019-10247,CVE-2019-10246
+-->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <version>9.4.20.v20190813</version>
</dependency>
<!-- consumer -->
<dependency>