Code Review / cli.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 7343d9b)
Change dependency version for httpclient 97/101897/2
authorjitendra sharma <jitendra.sharma1@huawei.com>
Tue, 18 Feb 2020 11:12:17 +0000 (11:12 +0000)
committerKanagaraj Manickam <kanagaraj.manickam@huawei.com>
Fri, 21 Feb 2020 04:51:51 +0000 (04:51 +0000)
Issue-ID: CLI-246

Signed-off-by: jitendra sharma <jitendra.sharma1@huawei.com>
Change-Id: Ie4b71259559927f485095021b6e87780698e9c92

profiles/http/pom.xml patch | blob | history
profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java patch | blob | history

diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml
index b8563e4..9268895 100644 (file)
--- a/profiles/http/pom.xml
+++ b/profiles/http/pom.xml
@@ -37,11 +37,27 @@
             <artifactId>cli-sample-mock-generator</artifactId>
             <version>${project.version}</version>
         </dependency>
+<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017-
+0359 and CVE-2015-526.
+Excluded commons-codec vulnerable version and added invulnerable version
+
+ -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.3.5</version>
+            <version>4.5.7</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+      <dependency>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+          <version>1.13</version>
+      </dependency>
         <dependency>
           <groupId>org.apache.httpcomponents</groupId>
           <artifactId>httpmime</artifactId>
diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
index 3f426bf..e892447 100644 (file)
--- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
+++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
@@ -35,7 +35,8 @@ import javax.net.ssl.X509TrustManager;
 import org.apache.http.Header;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
-import org.apache.http.annotation.NotThreadSafe;
+import org.apache.http.annotation.Contract;
+import org.apache.http.annotation.ThreadingBehavior;
 import org.apache.http.client.CookieStore;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.config.RequestConfig;
@@ -372,7 +373,7 @@ public class OnapHttpConnection {
         }
     }
 
-    @NotThreadSafe
+     @Contract(threading = ThreadingBehavior.UNSAFE) 
     static class HttpDeleteWithBody extends HttpEntityEnclosingRequestBase {
 
         public HttpDeleteWithBody() {
Provides required Command Line Interface for ONAP