Fix vulnerabilities in schema-service

- update snakeyaml
- exclude spring-kafka from aai-common since it is vulnerable
  and not used in this code

Issue-ID: AAI-4135
Change-Id: Ia9fc28953ec01babaf77a52e9015f03d2aedd16b
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>

diff --git a/aai-annotations/pom.xml b/aai-annotations/pom.xml
index 16bd044..44c140c 100644 (file)
--- a/aai-annotations/pom.xml
+++ b/aai-annotations/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.aai.schema-service</groupId>
         <artifactId>schema-service</artifactId>
-        <version>1.12.8-SNAPSHOT</version>
+        <version>1.12.9-SNAPSHOT</version>
     </parent>
     <artifactId>aai-annotations</artifactId>
     <name>aai-annotations</name>

diff --git a/aai-queries/pom.xml b/aai-queries/pom.xml
index 5db11c0..57f9759 100644 (file)
--- a/aai-queries/pom.xml
+++ b/aai-queries/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.aai.schema-service</groupId>
         <artifactId>schema-service</artifactId>
-        <version>1.12.8-SNAPSHOT</version>
+        <version>1.12.9-SNAPSHOT</version>
     </parent>
     <artifactId>aai-queries</artifactId>
     <name>aai-queries</name>
@@ -105,8 +105,8 @@
                     <artifactId>aai-aaf-auth</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>junit</groupId>
-                    <artifactId>junit</artifactId>
+                    <groupId>org.springframework.kafka</groupId>
+                    <artifactId>spring-kafka</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>

diff --git a/aai-schema-gen/pom.xml b/aai-schema-gen/pom.xml
index 806a717..81d0e37 100644 (file)
--- a/aai-schema-gen/pom.xml
+++ b/aai-schema-gen/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.aai.schema-service</groupId>
         <artifactId>schema-service</artifactId>
-        <version>1.12.8-SNAPSHOT</version>
+        <version>1.12.9-SNAPSHOT</version>
     </parent>
     <artifactId>aai-schema-gen</artifactId>
     <name>aai-schema-gen</name>
@@ -650,7 +650,7 @@
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>2.3</version>
+            <version>2.4</version>
             <scope>compile</scope>
         </dependency>
         <dependency>

diff --git a/aai-schema-service/pom.xml b/aai-schema-service/pom.xml
index f4ec45e..00f7778 100644 (file)
--- a/aai-schema-service/pom.xml
+++ b/aai-schema-service/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aai.schema-service</groupId>
         <artifactId>schema-service</artifactId>
-        <version>1.12.8-SNAPSHOT</version>
+        <version>1.12.9-SNAPSHOT</version>
     </parent>
     <groupId>org.onap.aai.schema-service</groupId>
     <artifactId>aai-schema-service</artifactId>
@@ -42,7 +42,7 @@
         <docker.push.registry>localhost:5000</docker.push.registry>
         <aai.docker.version>1.0.0</aai.docker.version>
 
-        <logback.version>1.2.7</logback.version>
+        <logback.version>1.2.13</logback.version>
 
         <!--
              Location where assembly of our scripts, resources and main jar will be held
@@ -279,10 +279,12 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
+            <version>${logback.version}</version>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-access</artifactId>
+            <version>${logback.version}</version>
         </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
@@ -331,8 +333,8 @@
                     <artifactId>aai-schema-ingest</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>junit</groupId>
-                    <artifactId>junit</artifactId>
+                    <groupId>org.springframework.kafka</groupId>
+                    <artifactId>spring-kafka</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>

diff --git a/aai-schema/pom.xml b/aai-schema/pom.xml
index 0841a2c..02b6e2d 100644 (file)
--- a/aai-schema/pom.xml
+++ b/aai-schema/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.aai.schema-service</groupId>
         <artifactId>schema-service</artifactId>
-        <version>1.12.8-SNAPSHOT</version>
+        <version>1.12.9-SNAPSHOT</version>
     </parent>
     <artifactId>aai-schema</artifactId>
     <name>aai-schema</name>

diff --git a/pom.xml b/pom.xml
index 8ca6ee6..c9083f2 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
     </parent>
     <groupId>org.onap.aai.schema-service</groupId>
     <artifactId>schema-service</artifactId>
-    <version>1.12.8-SNAPSHOT</version>
+    <version>1.12.9-SNAPSHOT</version>
     <name>aai-schema-service</name>
     <packaging>pom</packaging>
     <modules>

diff --git a/version.properties b/version.properties
index 76edf57..293440b 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -4,7 +4,7 @@
 # because they are used in Jenkins, whose plug-in doesn't support
 major_version=1
 minor_version=12
-patch_version=8
+patch_version=9
 
 base_version=${major_version}.${minor_version}.${patch_version}
 # Release must be completed with GIT information # in Jenkins