Change dependency version for commons-codec and jetty 40/102240/2
authorjitendra sharma <jitendra.sharma1@huawei.com>
Mon, 24 Feb 2020 13:47:09 +0000 (13:47 +0000)
committerjitendra sharma <jitendra.sharma1@huawei.com>
Wed, 26 Feb 2020 06:00:23 +0000 (06:00 +0000)
Issue-ID: VNFSDK-507

Signed-off-by: jitendra sharma <jitendra.sharma1@huawei.com>
Change-Id: I84c98b45f84083bc765fd9205d33cb51dc9f5639

vnfmarket-be/vnf-sdk-marketplace/pom.xml

index 327bd2d..cddf21c 100644 (file)
             <version>1.5.19</version>
         </dependency>
         <!-- jersey -->
-
+<!-- excluded jetty-util and added invulnerable version -->
         <dependency>
             <groupId>org.glassfish.jersey.containers</groupId>
             <artifactId>jersey-container-jetty-servlet</artifactId>
             <version>2.24.1</version>
+               <exclusions>
+                <exclusion>
+                   <groupId>org.eclipse.jetty</groupId>
+                   <artifactId>jetty-util</artifactId>
+               </exclusion>
+            </exclusions>
         </dependency>
+<!-- commons-codec excluded due to Security Issues:- Sonatype-2012-0050
+       and added invulnerable commons-codec-1.13  -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpmime</artifactId>
             <version>4.5.3</version>
+           <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+           </exclusions>
+        </dependency>
+        <dependency>
+           <groupId>commons-codec</groupId>
+           <artifactId>commons-codec</artifactId>
+           <version>1.13</version>
         </dependency>
         <!-- jetty -->
+<!-- Updated jetty-util,jetty-http,jetty-servlet and jetty-server
+due to Security Issues:- CVE-2019-10241,CVE-2019-10247,CVE-2019-10246
+-->
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-http</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-servlet</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <!-- consumer -->
         <dependency>
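Review bot: The exclusion added under `jersey-container-jetty-servlet` and the explicit 9.4.20.v20190813 entries below it cover only `jetty-util`, `jetty-http`, `jetty-servlet` and `jetty-server`, so any other `org.eclipse.jetty` module that Jersey 2.24.1 brings in transitively is still resolved by Maven's nearest-wins mediation and may stay on an older release. The rest of `<dependencies>` and any `<dependencyManagement>` section lie outside this hunk, so this is an inference; running `mvn dependency:tree -Dincludes=org.eclipse.jetty,commons-codec` would confirm that a single Jetty version and only commons-codec 1.13 are resolved. Declaring the version once, e.g. `<jetty.version>9.4.20.v20190813</jetty.version>` referenced as `${jetty.version}` in the four Jetty dependencies, would stop the modules drifting apart on the next security bump. The comment above the Jersey exclusion should also name the advisory it addresses, as the commons-codec and jetty comments already do.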