Fix security risk issues

Change-Id: I28ad841d4b9cd0f9c423c5899bb292c970e34e5e
Issue-ID: USECASEUI-258
Signed-off-by: guochuyicmri <guochuyi@chinamobile.com>

diff --git a/server/pom.xml b/server/pom.xml
index 74a6304..0878fcf 100644 (file)
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -15,14 +15,14 @@
     limitations under the License.
  -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-       
-       <parent>
+
+    <parent>
         <groupId>org.onap.usecase-ui.server</groupId>
         <artifactId>usecase-ui-server-parent</artifactId>
         <version>1.3.0-SNAPSHOT</version>
     </parent>
-    
-       <modelVersion>4.0.0</modelVersion>
+
+    <modelVersion>4.0.0</modelVersion>
     <groupId>org.onap.usecase-ui.server</groupId>
     <artifactId>usecase-ui-server</artifactId>
     <version>1.3.0-SNAPSHOT</version>
@@ -38,7 +38,7 @@
         <spring.version>4.3.4.RELEASE</spring.version>
         <javax.persistence.version>1.0.2</javax.persistence.version>
         <common.csv.version>1.4</common.csv.version>
-        <jackson.version>2.9.0</jackson.version>
+        <jackson.version>2.9.8</jackson.version>
     </properties>
 
     <dependencyManagement>
@@ -72,20 +72,20 @@
             <artifactId>spring-boot-starter-data-rest</artifactId>
         </dependency>
         <dependency>
-                       <groupId>org.elasticsearch.client</groupId>
-                       <artifactId>elasticsearch-rest-high-level-client</artifactId>
-                       <version>6.6.0</version>
-                        <exclusions>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+            <version>6.6.0</version>
+            <exclusions>
                 <exclusion>
                     <groupId>org.elasticsearch</groupId>
                     <artifactId>elasticsearch</artifactId>
                 </exclusion>
-              </exclusions>
-               </dependency>
-                <dependency>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.elasticsearch</groupId>
             <artifactId>elasticsearch</artifactId>
-            <version>6.6.0</version>
+            <version>6.6.1</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.data</groupId>
@@ -99,18 +99,18 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-               <!-- postgresql  dependency-->
-               <dependency>
-                       <groupId>postgresql</groupId>
-                       <artifactId>postgresql</artifactId>
-                       <version>9.1-901-1.jdbc4</version>
-               </dependency>
-               
-               <dependency>
-                       <groupId>org.postgresql</groupId>
-                       <artifactId>postgresql</artifactId>
-                       <scope>runtime</scope>
-               </dependency>
+        <!-- postgresql  dependency-->
+        <dependency>
+            <groupId>postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>8.2-511.jdbc3</version>
+        </dependency>
+
+        <dependency>
+              <groupId>org.postgresql</groupId>
+              <artifactId>postgresql</artifactId>
+              <scope>runtime</scope>
+          </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
@@ -218,12 +218,12 @@
             <artifactId>fastjson</artifactId>
             <version>1.2.29</version>
         </dependency>
-        
+
         <dependency>
-                   <groupId>com.alibaba</groupId>
-                   <artifactId>dubbo</artifactId>
-                   <version>2.6.5</version>
-               </dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>dubbo</artifactId>
+            <version>2.6.5</version>
+        </dependency>
         <dependency>
             <groupId>org.openecomp.sdc.jtosca</groupId>
             <artifactId>jtosca</artifactId>
@@ -280,6 +280,17 @@
 
     <build>
         <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
+                    <layout>ZIP</layout>
+                    <excludeGroupIds>
+                        org.eclipse.jetty
+                        dom4j
+                    </excludeGroupIds>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
@@ -326,6 +337,15 @@
                 </configuration>
             </plugin>
         </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <excludes>
+                    <exclude>*</exclude>
+                </excludes>
+                <filtering>true</filtering>
+            </resource>
+        </resources>
     </build>
 
     <repositories>