From: sa282w <sa282w@att.com>
Date: Fri, 30 Mar 2018 18:09:40 +0000 (-0400)
Subject: Security Vunerabilities
X-Git-Tag: v2.2.0~20
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=78224cb1fbc6052451ad1a759353cc6549b2f230;hp=4be70b62035840deacdb687970e8537c9a459e51;p=portal.git

Security Vunerabilities

Issue-ID: PORTAL-155

Excluded beanshell, nimbus dependency and upgraded the version of
spring-security-web and tomcat-embed-core.

Change-Id: I2f238d8cdeb61084b1a86099c25b5bd8f30d5e93
Signed-off-by: sa282w <sa282w@att.com>
---

diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 733a1017..5ae097d6 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -625,6 +625,10 @@
              		<groupId>commons-httpclient</groupId>
              		<artifactId>commons-httpclient</artifactId>
             	 </exclusion>
+				 <exclusion>
+        			<groupId>org.beanshell</groupId>
+            		<artifactId>bsh-core</artifactId>
+				 </exclusion>
               </exclusions>
         </dependency>
         <dependency>
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index ed42c061..2c96adaa 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -621,6 +621,10 @@
 					<groupId>org.codehaus.jackson</groupId>
 					<artifactId>jackson-mapper-asl</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>com.nimbusds</groupId>
+					<artifactId>nimbus-jose-jwt</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 <!-- 		<dependency>
@@ -663,7 +667,7 @@
 					<artifactId>*</artifactId>
 				</exclusion>
 			</exclusions>
-		</dependency>
+		</dependency> 
 	</dependencies>
 
 	<reporting>
diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml
index 5d8896c2..dabc5ac9 100644
--- a/ecomp-portal-widget-ms/widget-ms/pom.xml
+++ b/ecomp-portal-widget-ms/widget-ms/pom.xml
@@ -44,6 +44,12 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.springframework.security</groupId>
+    				<artifactId>spring-security-web</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -140,7 +146,7 @@
 		<dependency>
     		<groupId>org.apache.tomcat.embed</groupId>
     		<artifactId>tomcat-embed-core</artifactId>
-    		<version>8.5.13</version>
+    		<version>8.5.28</version>
 		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
@@ -167,6 +173,11 @@
 			<artifactId>jackson-databind</artifactId>
 			<version>2.8.10</version>
 		</dependency>
+		<dependency>
+    		<groupId>org.springframework.security</groupId>
+    		<artifactId>spring-security-web</artifactId>
+    		<version>4.1.4.RELEASE</version>
+		</dependency>
 	</dependencies>
 
 	<build>