[DCAEGEN2] Vulnerability addressal for KPI-Computation MS

Issue-ID: DCAEGEN2-3047
Signed-off-by: denilson.l65 <denilson.l65@wipro.com>
Change-Id: Ia795b086353d84f65be57c9bbb1c4b7758231ea5

diff --git a/components/kpi-computation-ms/Changelog.md b/components/kpi-computation-ms/Changelog.md
index a153064..a094d17 100644 (file)
--- a/components/kpi-computation-ms/Changelog.md
+++ b/components/kpi-computation-ms/Changelog.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.0.4]
+### Changed
+* Fix security vulnerability issues (DCAEGEN2-3047)
+
 ## [1.0.3]
 ### Changed
 * Add KpiComputation for SUMRATIO operation (DCAEGEN2-2989)

diff --git a/components/kpi-computation-ms/pom.xml b/components/kpi-computation-ms/pom.xml
index a0265c0..c67ece8 100644 (file)
--- a/components/kpi-computation-ms/pom.xml
+++ b/components/kpi-computation-ms/pom.xml
@@ -2,7 +2,7 @@
 <!--
   ~ ============LICENSE_START=======================================================
   ~ Copyright (c) 2021 China Mobile. All rights reserved.
-  ~ Copyright (c) 2021 Wipro Limited.
+  ~ Copyright (c) 2021-2022 Wipro Limited.
   ~ ================================================================================ 
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@
 
     <groupId>org.onap.dcaegen2.services.components</groupId>
     <artifactId>kpi-ms</artifactId>
-    <version>1.0.1-SNAPSHOT</version>
+    <version>1.0.4-SNAPSHOT</version>
     <name>dcaegen2-services-kpi-computation-ms</name>
     <description>Kpi ms</description>
     <packaging>jar</packaging>
@@ -51,11 +51,11 @@
             ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
         <lombok.version>1.18.4</lombok.version>
-        <undertow.version>2.2.8.Final</undertow.version>
+        <undertow.version>2.2.14.Final</undertow.version>
         <xml.version>2.3.1</xml.version>
         <jaxb.version>2.3.0.1</jaxb.version>
         <docker.repository>nexus3.onap.org:10003</docker.repository>
-        <spring.version>5.3.7</spring.version>
+        <spring.version>5.3.14</spring.version>
         <junit.version>5.3.2</junit.version>
         <mockito.version>2.23.4</mockito.version>
         <mockito-ju5-ext.version>2.23.4</mockito-ju5-ext.version>
@@ -132,7 +132,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
-            <version>2.11.0</version>
+            <version>2.12.6</version>
         </dependency>
         <dependency>
             <groupId>net.javacrumbs.json-unit</groupId>
@@ -297,6 +297,12 @@
             <artifactId>openpojo</artifactId>
             <version>0.8.10</version>
         </dependency>
+       <!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-core -->
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>1.2.10</version>
+        </dependency>
     </dependencies>
 
     <build>

diff --git a/components/kpi-computation-ms/version.properties b/components/kpi-computation-ms/version.properties
index a631149..ada000a 100644 (file)
--- a/components/kpi-computation-ms/version.properties
+++ b/components/kpi-computation-ms/version.properties
@@ -20,7 +20,7 @@
 ###############################################################################
 major=1
 minor=0
-patch=1
+patch=4
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT