Fix library CVEs in SO Fix additional CVEs: commons-fileupload 1.3.3 For CVE-2016-1000031 logback 1.1.11 For CVE-2017-5929 springframework 4.3.14.RELEASE For CVE-2014-0225 CVE-2015-5211 Issue-ID: SO-579 Change-Id: I94f8332d420d2586262260a0a59a645f0de66b73 Signed-off-by: chenying83 <chenying83@huawei.com>

commit: 98e3f70497d2cdde07bb03a57fdd2ebdf3208882 [log] [tgz]
author: chenying83 <chenying83@huawei.com> Thu Apr 26 08:20:10 2018 +0000
committer: chenying83 <chenying83@huawei.com> Thu Apr 26 08:20:10 2018 +0000
tree: ce2d6f0dbff4f98e0a3612c05edbdab2ec0752c8
parent: efdfc40f759c70b9ab2ac7e23de42c7d211fde79 [diff] [blame]
diff --git a/pom.xml b/pom.xml
index ed64d08..73286d6 100644
--- a/pom.xml
+++ b/pom.xml

@@ -529,6 +529,24 @@
       <version>${resteasy.version}</version>
       <scope>test</scope>
     </dependency>
+    <!-- For CVE-2016-1000031 -->
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>1.3.3</version>
+    </dependency>
+    <!-- For CVE-2017-5929 -->
+    <dependency>
+      <groupId>ch.qos.logback</groupId>
+      <artifactId>logback-core</artifactId>
+      <version>1.1.11</version>
+    </dependency>
+    <!-- For CVE-2014-0225 CVE-2015-5211 -->
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+      <version>4.3.14.RELEASE</version>
+    </dependency>
   </dependencies>
   <dependencyManagement>
     <dependencies>
commit	98e3f70497d2cdde07bb03a57fdd2ebdf3208882	[log] [tgz]
author	chenying83 <chenying83@huawei.com>	Thu Apr 26 08:20:10 2018 +0000
committer	chenying83 <chenying83@huawei.com>	Thu Apr 26 08:20:10 2018 +0000
tree	ce2d6f0dbff4f98e0a3612c05edbdab2ec0752c8
parent	efdfc40f759c70b9ab2ac7e23de42c7d211fde79 [diff] [blame]