Fix security issues

Change-Id: I12ebc7634bdefc176642e8637e6a2af2c5e14b99
Issue-ID: VID-149
Signed-off-by: Sonsino, Ofir (os0695) <os0695@intl.att.com>

diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index 67f9a08..b38821a 100755 (executable)
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -18,7 +18,7 @@
                <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
                <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>\r
                <epsdk.version>2.1.0</epsdk.version>\r
-               <springframework.version>4.2.2.RELEASE</springframework.version>\r
+               <springframework.version>4.2.4.RELEASE</springframework.version>\r
                <hibernate.version>4.3.11.Final</hibernate.version>\r
                <!-- Skip assembling the zip; assemble via mvn -Dskipassembly=false .. -->\r
                <skipassembly>true</skipassembly>\r
@@ -321,12 +321,12 @@
                <dependency>\r
                        <groupId>commons-collections</groupId>\r
                        <artifactId>commons-collections</artifactId>\r
-                       <version>3.2.1</version>\r
+                       <version>3.2.2</version>\r
                </dependency>\r
                <dependency>\r
                        <groupId>commons-fileupload</groupId>\r
                        <artifactId>commons-fileupload</artifactId>\r
-                       <version>1.3.2</version>\r
+                       <version>1.3.3</version>\r
                </dependency>\r
                <dependency>\r
                        <groupId>org.bouncycastle</groupId>\r
@@ -336,13 +336,35 @@
                <dependency>\r
                        <groupId>xalan</groupId>\r
                        <artifactId>xalan</artifactId>\r
-                       <version>2.7.1</version>\r
+                       <version>2.7.2</version>\r
                </dependency>\r
                <dependency>\r
                        <groupId>org.apache.poi</groupId>\r
                        <artifactId>poi</artifactId>\r
-                       <version>3.8</version>\r
+                       <version>3.15</version>\r
                </dependency>\r
+               <dependency>\r
+                       <groupId>com.thoughtworks.xstream</groupId>\r
+                       <artifactId>xstream</artifactId>\r
+                       <version>1.4.10</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>org.apache.httpcomponents</groupId>\r
+                       <artifactId>httpclient</artifactId>\r
+                       <version>4.5.3</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>com.fasterxml.jackson.core</groupId>\r
+                       <artifactId>jackson-core</artifactId>\r
+                       <version>2.8.6</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>xerces</groupId>\r
+                       <artifactId>xercesImpl</artifactId>\r
+                       <version>2.11.0.SP5</version>\r
+               </dependency>\r
+\r
+\r
 \r
                <dependency>\r
                        <groupId>org.onap.vid</groupId>\r

diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml
index 5d79a50..de0e0d2 100755 (executable)
--- a/vid-app-common/pom.xml
+++ b/vid-app-common/pom.xml
@@ -19,7 +19,7 @@
                <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
                <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>\r
                <epsdk.version>2.1.0</epsdk.version>\r
-               <springframework.version>4.2.2.RELEASE</springframework.version>\r
+               <springframework.version>4.2.4.RELEASE</springframework.version>\r
                <hibernate.version>4.3.11.Final</hibernate.version>\r
                <!-- Skip assembling the zip by default -->\r
                <skipassembly>true</skipassembly>\r