Fix security issues
Change-Id: I9d003e30920e7cb57143743f260e4ae2a8ba52d6
Issue-ID: VID-149
Signed-off-by: Sonsino, Ofir (os0695) <os0695@intl.att.com>
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index 646c017..e5b88ba 100755
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -18,7 +18,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.1.0</epsdk.version>
- <springframework.version>4.2.4.RELEASE</springframework.version>
+ <springframework.version>4.2.9.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<!-- Skip assembling the zip; assemble via mvn -Dskipassembly=false .. -->
<skipassembly>true</skipassembly>
@@ -272,12 +272,34 @@
<artifactId>epsdk-app-common</artifactId>
<version>${epsdk.version}</version>
<type>jar</type>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!--Upgrade fileupload version-->
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
</dependency>
<dependency>
<groupId>org.onap.vid</groupId>
<artifactId>vid-app-common</artifactId>
<version>${project.version}</version>
<type>war</type>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.vid</groupId>
@@ -291,16 +313,34 @@
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-core</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-analytics</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-workflow</artifactId>
<version>${epsdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.att.eelf</groupId>
@@ -339,6 +379,12 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.6.7.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.mchange</groupId>
@@ -366,12 +412,6 @@
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
- <!-- Elastic Search -->
- <dependency>
- <groupId>org.elasticsearch</groupId>
- <artifactId>elasticsearch</artifactId>
- <version>2.2.0</version>
- </dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
diff --git a/pom.xml b/pom.xml
index e4dd40c..231d2cf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -260,40 +260,15 @@
<version>1.3.3</version>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
- <version>1.46</version>
- </dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.2</version>
- </dependency>
- <dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.15</version>
- </dependency>
- <dependency>
- <groupId>com.thoughtworks.xstream</groupId>
- <artifactId>xstream</artifactId>
- <version>1.4.10</version>
+ <version>3.17</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.3</version>
</dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>2.8.6</version>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
- </dependency>
</dependencies>
<version>1.2.1-SNAPSHOT</version>
</project>
diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml
index de0e0d2..7a48522 100755
--- a/vid-app-common/pom.xml
+++ b/vid-app-common/pom.xml
@@ -19,7 +19,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.1.0</epsdk.version>
- <springframework.version>4.2.4.RELEASE</springframework.version>
+ <springframework.version>4.2.9.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<!-- Skip assembling the zip by default -->
<skipassembly>true</skipassembly>
@@ -307,7 +307,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.6.3</version>
+ <version>2.8.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>