Merge "Migrate to gson"

diff --combined vnfmarket-be/vnf-sdk-marketplace/pom.xml
index 0544e25,728717c..875710f
--- 1/vnfmarket-be/vnf-sdk-marketplace/pom.xml
--- 2/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@@ -41,18 -41,6 +41,18 @@@
              <groupId>org.apache.cxf</groupId>
              <artifactId>cxf-rt-frontend-jaxrs</artifactId>
              <version>${cxf.version}</version>
 +            <exclusions>
 +                <exclusion>
 +                    <groupId>com.fasterxml.woodstox</groupId>
 +                    <artifactId>woodstox-core</artifactId>
 +                </exclusion>
 +            </exclusions>
 +        </dependency>
 +        <!-- added invulnerable version of woodstox-core -->
 +        <dependency>
 +            <groupId>com.fasterxml.woodstox</groupId>
 +            <artifactId>woodstox-core</artifactId>
 +            <version>5.3.0</version>
          </dependency>
          <dependency>
              <groupId>org.apache.cxf</groupId>
@@@ -82,10 -70,18 +82,18 @@@
              <version>2.1.0</version>
          </dependency>
  
+         <!--excluded com.fasterxml.jackson.core:jackson-databind:jar:2.9.5
+             CVE-2018-11307-->
          <dependency>
              <groupId>io.swagger</groupId>
              <artifactId>swagger-jersey2-jaxrs</artifactId>
              <version>1.5.19</version>
+             <exclusions>
+                 <exclusion>
+                     <groupId>com.fasterxml.jackson.core</groupId>
+                     <artifactId>jackson-databind</artifactId>
+                 </exclusion>
+             </exclusions>
          </dependency>
          <!-- jersey -->
  <!-- excluded jetty-util and added invulnerable version -->