Fix the vulnerability issue

Upgrade vulnerable jars with jars without vulnerability

Change-Id: I5cd9073a04db79e173fdd3b85e4712a1cf177531
Issue-ID: SO-458
Signed-off-by: byungwoojun<byung-woo.jun@ericsson.com>

diff --git a/openstack-client-connectors/http-connector/pom.xml b/openstack-client-connectors/http-connector/pom.xml
index 3e29591..d351f68 100644 (file)
--- a/openstack-client-connectors/http-connector/pom.xml
+++ b/openstack-client-connectors/http-connector/pom.xml
@@ -14,8 +14,15 @@
        <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpclient</artifactId>
-               <version>4.3.5</version>
+               <!-- <version>4.3.5</version>-->
+                       <version>4.5.5</version>
        </dependency>
+       <!-- bwj: added httpcore -->
+       <dependency>
+               <groupId>org.apache.httpcomponents</groupId>
+               <artifactId>httpcore</artifactId>
+               <version>4.4.4</version>
+       </dependency>
        <dependency>
                <groupId>org.codehaus.jackson</groupId>
                <artifactId>jackson-mapper-asl</artifactId>

diff --git a/openstack-client-connectors/resteasy-connector/pom.xml b/openstack-client-connectors/resteasy-connector/pom.xml
index 09e85c3..67a219d 100644 (file)
--- a/openstack-client-connectors/resteasy-connector/pom.xml
+++ b/openstack-client-connectors/resteasy-connector/pom.xml
@@ -13,18 +13,31 @@
        <dependency>
                <groupId>org.jboss.resteasy</groupId>
                <artifactId>resteasy-jaxrs</artifactId>
-               <version>2.3.2.Final</version>
+                       <!-- replaced with 3.5.0.Final <version>2.3.2.Final</version> -->
+                       <version>3.5.0.Final</version>
        </dependency>
        <dependency>
                <groupId>org.codehaus.jackson</groupId>
                <artifactId>jackson-jaxrs</artifactId>
                <version>1.9.4</version>
        </dependency>
+       <!-- replaced with httpclient and httpcore
        <dependency>
                <groupId>commons-httpclient</groupId>
                <artifactId>commons-httpclient</artifactId>
                <version>3.1</version>
        </dependency>
+       -->
+       <dependency>
+               <groupId>org.apache.httpcomponents</groupId>
+               <artifactId>httpclient</artifactId>
+               <version>4.5.5</version>
+       </dependency>
+         <dependency>
+                 <groupId>org.apache.httpcomponents</groupId>
+                 <artifactId>httpcore</artifactId>
+                 <version>4.4.4</version>
+         </dependency>
   </dependencies>
 
 </project>
\ No newline at end of file

diff --git a/openstack-client-connectors/resteasy-connector/src/main/java/com/woorea/openstack/connector/RESTEasyConnector.java b/openstack-client-connectors/resteasy-connector/src/main/java/com/woorea/openstack/connector/RESTEasyConnector.java
index 58c11e1..e613ad2 100644 (file)
--- a/openstack-client-connectors/resteasy-connector/src/main/java/com/woorea/openstack/connector/RESTEasyConnector.java
+++ b/openstack-client-connectors/resteasy-connector/src/main/java/com/woorea/openstack/connector/RESTEasyConnector.java
@@ -23,7 +23,9 @@ import java.util.Map.Entry;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.ext.ContextResolver;
 
-import org.apache.commons.httpclient.HttpStatus;
+// bwj: changed the HttpStatus package
+//import org.apache.commons.httpclient.HttpStatus;
+import org.apache.http.HttpStatus;
 import org.codehaus.jackson.jaxrs.JacksonJsonProvider;
 import org.codehaus.jackson.map.DeserializationConfig;
 import org.codehaus.jackson.map.ObjectMapper;