Fix security issues

author Sonsino, Ofir (os0695) <os0695@intl.att.com>

Mon, 19 Mar 2018 16:37:37 +0000 (18:37 +0200)

committer Sonsino, Ofir (os0695) <os0695@intl.att.com>

Mon, 19 Mar 2018 16:57:05 +0000 (18:57 +0200)
author Sonsino, Ofir (os0695) <os0695@intl.att.com>
Mon, 19 Mar 2018 16:37:37 +0000 (18:37 +0200)
committer Sonsino, Ofir (os0695) <os0695@intl.att.com>
Mon, 19 Mar 2018 16:57:05 +0000 (18:57 +0200)
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml

index e47afe7..67f9a08 100755 (executable)
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -18,7 +18,7 @@
                 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
                 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>\r
                 <epsdk.version>2.1.0</epsdk.version>\r
-               <springframework.version>4.2.0.RELEASE</springframework.version>\r
+               <springframework.version>4.2.2.RELEASE</springframework.version>\r
                 <hibernate.version>4.3.11.Final</hibernate.version>\r
                 <!-- Skip assembling the zip; assemble via mvn -Dskipassembly=false .. -->\r
                 <skipassembly>true</skipassembly>\r
@@ -307,6 +307,43 @@
                         <artifactId>eelf-core</artifactId>\r
                         <version>1.0.0</version>\r
                 </dependency>\r
+               <!--Overide versions for latest security fixes-->\r
+               <dependency>\r
+                       <groupId>ch.qos.logback</groupId>\r
+                       <artifactId>logback-core</artifactId>\r
+                       <version>1.2.3</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>ch.qos.logback</groupId>\r
+                       <artifactId>logback-classic</artifactId>\r
+                       <version>1.2.3</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>commons-collections</groupId>\r
+                       <artifactId>commons-collections</artifactId>\r
+                       <version>3.2.1</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>commons-fileupload</groupId>\r
+                       <artifactId>commons-fileupload</artifactId>\r
+                       <version>1.3.2</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>org.bouncycastle</groupId>\r
+                       <artifactId>bcprov-jdk16</artifactId>\r
+                       <version>1.46</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>xalan</groupId>\r
+                       <artifactId>xalan</artifactId>\r
+                       <version>2.7.1</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>org.apache.poi</groupId>\r
+                       <artifactId>poi</artifactId>\r
+                       <version>3.8</version>\r
+               </dependency>\r
+\r
                 <dependency>\r
                         <groupId>org.onap.vid</groupId>\r
                         <artifactId>vid-app-common</artifactId>\r
@@ -334,7 +371,7 @@
                 <dependency>\r
                         <groupId>com.fasterxml.jackson.core</groupId>\r
                         <artifactId>jackson-databind</artifactId>\r
-                       <version>2.6.3</version>\r
+                       <version>2.6.7.1</version>\r
                 </dependency>\r
                 <dependency>\r
                         <groupId>com.mchange</groupId>\r
diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml

index c52e872..5d79a50 100755 (executable)
--- a/vid-app-common/pom.xml
+++ b/vid-app-common/pom.xml
@@ -19,7 +19,7 @@
                 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>\r
                 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>\r
                 <epsdk.version>2.1.0</epsdk.version>\r
-               <springframework.version>4.2.0.RELEASE</springframework.version>\r
+               <springframework.version>4.2.2.RELEASE</springframework.version>\r
                 <hibernate.version>4.3.11.Final</hibernate.version>\r
                 <!-- Skip assembling the zip by default -->\r
                 <skipassembly>true</skipassembly>\r
@@ -287,6 +287,16 @@
                         <artifactId>eelf-core</artifactId>\r
                         <version>1.0.0</version>\r
                 </dependency>\r
+               <dependency>\r
+                       <groupId>ch.qos.logback</groupId>\r
+                       <artifactId>logback-core</artifactId>\r
+                       <version>1.2.3</version>\r
+               </dependency>\r
+               <dependency>\r
+                       <groupId>ch.qos.logback</groupId>\r
+                       <artifactId>logback-classic</artifactId>\r
+                       <version>1.2.3</version>\r
+               </dependency>\r
  \r
                 <!-- Mapper -->\r
                 <dependency>\r
@@ -302,7 +312,7 @@
                 <dependency>\r
                         <groupId>com.fasterxml.jackson.core</groupId>\r
                         <artifactId>jackson-databind</artifactId>\r
-                       <version>2.6.3</version>\r
+                       <version>2.6.7.1</version>\r
                 </dependency>\r
                 <dependency>\r
                         <groupId>org.codehaus.jackson</groupId>\r
author	Sonsino, Ofir (os0695) <os0695@intl.att.com>
	Mon, 19 Mar 2018 16:37:37 +0000 (18:37 +0200)
committer	Sonsino, Ofir (os0695) <os0695@intl.att.com>
	Mon, 19 Mar 2018 16:57:05 +0000 (18:57 +0200)
epsdk-app-onap/pom.xml		patch \| blob \| history
vid-app-common/pom.xml		patch \| blob \| history