Update third party dependencies

Updated the following dependencies based on guidance from SECCOM:

    com.fasterxml.jackson.core : jackson-databind : 2.9.8 -> 2.11.0
    org.springframework : spring-web : 4.3.22.RELEASE -> 5.2.7.RELEASE
    org.springframework : spring-webmvc : 4.3.22.RELEASE -> 5.2.7.RELEASE
    com.mchange : c3p0 : 0.9.5.3 -> 0.9.5.5

Also, updated jsp tag library from javax.servlet:jstl:1.2 to org.glassfish.web:javax.servlet.jsp.jstl:1.2.5 to remediate vulnerability.

Change-Id: I48c5bc6944eab469c120b7aae8876721b989f443
Issue-ID: CCSDK-2855
Signed-off-by: Dan Timoney <dtimoney@att.com>

diff --git a/ccsdk-app-common/pom.xml b/ccsdk-app-common/pom.xml
index 95abf22..d87dbb7 100644 (file)
--- a/ccsdk-app-common/pom.xml
+++ b/ccsdk-app-common/pom.xml
@@ -6,19 +6,19 @@
        <parent>
                <groupId>org.onap.ccsdk.dashboard</groupId>
                <artifactId>ccsdk-app-parent</artifactId>
-               <version>1.4.0-SNAPSHOT</version>
+               <version>1.4.1-SNAPSHOT</version>
        </parent>
 
        <groupId>org.onap.ccsdk.dashboard</groupId>
        <artifactId>ccsdk-app-common</artifactId>
-       <version>1.4.0-SNAPSHOT</version>
+       <version>1.4.1-SNAPSHOT</version>
        <packaging>jar</packaging>
        <name>DCAE Dashboard common</name>
        <description>CCSDK Dashboard common Java code</description>
 
        <properties>
                <encoding>UTF-8</encoding>
-               <springframework.version>4.3.22.RELEASE</springframework.version>
+               <springframework.version>5.2.7.RELEASE</springframework.version>
                <hibernate.version>4.3.11.Final</hibernate.version>
                <eelf.version>1.0.0</eelf.version>
                <epsdk.version>2.6.0</epsdk.version>
@@ -27,7 +27,7 @@
                <releaseNexusPath>content/repositories/releases/</releaseNexusPath>
                <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>
                <skipTests>false</skipTests>
-               <jackson.version>2.9.8</jackson.version>
+               <jackson.version>2.11.0</jackson.version>
                <sonar.coverage.jacoco.xmlReportPaths> 
                        ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
        </sonar.coverage.jacoco.xmlReportPaths>
@@ -241,7 +241,7 @@
                <dependency>
                        <groupId>com.mchange</groupId>
                        <artifactId>c3p0</artifactId>
-                       <version>0.9.5.3</version>
+                       <version>0.9.5.5</version>
                </dependency>
                <dependency>
                        <groupId>javax.servlet</groupId>

diff --git a/ccsdk-app-os/pom.xml b/ccsdk-app-os/pom.xml
index b4ee44b..9d87486 100644 (file)
--- a/ccsdk-app-os/pom.xml
+++ b/ccsdk-app-os/pom.xml
@@ -7,19 +7,19 @@
        <parent>
                <groupId>org.onap.ccsdk.dashboard</groupId>
                <artifactId>ccsdk-app-parent</artifactId>
-               <version>1.4.0-SNAPSHOT</version>
+               <version>1.4.1-SNAPSHOT</version>
        </parent>
 
        <groupId>org.onap.ccsdk.dashboard</groupId>
        <artifactId>ccsdk-app-os</artifactId>
-       <version>1.4.0-SNAPSHOT</version>
+       <version>1.4.1-SNAPSHOT</version>
        <packaging>war</packaging>
        <name>DCAE Dashboard</name>
        <description>CCSDK Dashboard Web Application for external release</description>
 
        <properties>
                <encoding>UTF-8</encoding>
-               <springframework.version>4.3.22.RELEASE</springframework.version>
+               <springframework.version>5.2.7.RELEASE</springframework.version>
                <hibernate.version>4.3.11.Final</hibernate.version>
                <epsdk.version>2.6.0</epsdk.version>
                <ccsdk.version>${project.version}</ccsdk.version>

diff --git a/ccsdk-app-overlay/pom.xml b/ccsdk-app-overlay/pom.xml
index 7e77cb1..4a6ec33 100644 (file)
--- a/ccsdk-app-overlay/pom.xml
+++ b/ccsdk-app-overlay/pom.xml
@@ -7,12 +7,12 @@
        <parent>
                <groupId>org.onap.ccsdk.dashboard</groupId>
                <artifactId>ccsdk-app-parent</artifactId>
-               <version>1.4.0-SNAPSHOT</version>
+               <version>1.4.1-SNAPSHOT</version>
        </parent>
 
        <groupId>org.onap.ccsdk.dashboard</groupId>
        <artifactId>ccsdk-app-overlay</artifactId>
-       <version>1.4.0-SNAPSHOT</version>
+       <version>1.4.1-SNAPSHOT</version>
        <packaging>war</packaging>
        <name>DCAE Dashboard overlay</name>
        <description>CCSDK Dashboard web resources</description>
@@ -31,9 +31,9 @@
                        <version>3.1.0</version>
                </dependency>
                <dependency>
-                       <groupId>javax.servlet</groupId>
-                       <artifactId>jstl</artifactId>
-                       <version>1.2</version>
+                       <groupId>org.glassfish.web</groupId>
+                       <artifactId>javax.servlet.jsp.jstl</artifactId>
+                       <version>1.2.5</version>
                </dependency>
        </dependencies>
 

diff --git a/pom.xml b/pom.xml
index 180e0dc..35524f3 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
     <!-- Maven parent project for convenience of building and cleaning -->
     <groupId>org.onap.ccsdk.dashboard</groupId>
     <artifactId>ccsdk-app-parent</artifactId>
-    <version>1.4.0-SNAPSHOT</version>
+    <version>1.4.1-SNAPSHOT</version>
     <packaging>pom</packaging>
     <name>ccsdk-dashboard</name>
     

diff --git a/version.properties b/version.properties
index 668657e..eff345c 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -4,7 +4,7 @@
 
 major=1
 minor=4
-patch=0
+patch=1
 
 base_version=${major}.${minor}.${patch}