From 584dfd7712be7c238ef86c8ea4d009a61b33c75c Mon Sep 17 00:00:00 2001 From: vasraz Date: Thu, 3 Mar 2022 11:38:39 +0000 Subject: [PATCH] Update vulnerable dependencies Change-Id: Id1098d2e0aceb3fb507e32994925d36f23ad8517 Signed-off-by: Vasyl Razinkov Issue-ID: SDC-3895 --- asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java | 4 ++-- catalog-be/pom.xml | 12 ++++++++---- catalog-be/src/main/docker/backend/Dockerfile | 2 +- catalog-fe/pom.xml | 4 ++++ catalog-fe/sdc-frontend/Dockerfile | 2 +- .../onap-configuration-management-core/pom.xml | 2 +- integration-tests/pom.xml | 6 +++++- .../dist/sdc-onboard-backend-docker/artifacts/Dockerfile | 2 +- pom.xml | 7 ++++--- utils/webseal-simulator/sdc-simulator/Dockerfile | 2 +- 10 files changed, 28 insertions(+), 15 deletions(-) diff --git a/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java b/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java index db541a810c..2f7aa0a213 100644 --- a/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java +++ b/asdctool/src/main/java/org/openecomp/sdc/asdctool/App.java @@ -22,6 +22,7 @@ package org.openecomp.sdc.asdctool; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; +import org.glassfish.jersey.servlet.ServletContainer; /** * Hello world! @@ -34,7 +35,7 @@ public class App { context.setContextPath("/asdctool"); Server jettyServer = new Server(Integer.valueOf(asdcToolPort)); jettyServer.setHandler(context); - ServletHolder jerseyServlet = context.addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/*"); + ServletHolder jerseyServlet = context.addServlet(ServletContainer.class.getName(), "/*"); jerseyServlet.setInitOrder(0); // Tells the Jersey Servlet which REST service/class to load. @@ -59,4 +60,3 @@ public class App { } } } - diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml index 8bf5515d87..8cddf173d6 100644 --- a/catalog-be/pom.xml 
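Review bot: The call `context.addServlet(ServletContainer.class.getName(), "/*")` replaces the `Class` overload with the string overload and carries no comment saying why. With the string form, the check that the class is a servlet moves from compile time to server startup. If the change was needed to get past a Servlet API type mismatch after the dependency bumps (an inference, the hunk does not say), record that above the call, for example `// String overload: <reason the Class overload no longer compiles>`. The enclosing `main` method starts and ends outside the hunk.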
+++ b/catalog-be/pom.xml @@ -603,14 +603,14 @@ esapi ${org.owasp.esapi.version} - - xerces - xercesImpl - log4j log4j + + commons-io + commons-io + commons-fileupload commons-fileupload @@ -627,6 +627,10 @@ xml-apis xml-apis + + xerces + xercesImpl + diff --git a/catalog-be/src/main/docker/backend/Dockerfile b/catalog-be/src/main/docker/backend/Dockerfile index 5e49f57202..902695519b 100644 --- a/catalog-be/src/main/docker/backend/Dockerfile +++ b/catalog-be/src/main/docker/backend/Dockerfile @@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER USER onap #Download jetty -RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ +RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \ rm -rf $JETTY_FOLDER/jetty.tar.gz diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml index b1acef904b..e7d6fe65e7 100644 --- a/catalog-fe/pom.xml +++ b/catalog-fe/pom.xml @@ -312,6 +312,10 @@ xml-apis xml-apis + + xerces + xercesImpl + diff --git a/catalog-fe/sdc-frontend/Dockerfile b/catalog-fe/sdc-frontend/Dockerfile index 005e5c9d2b..d0978a9ba8 100644 --- a/catalog-fe/sdc-frontend/Dockerfile +++ b/catalog-fe/sdc-frontend/Dockerfile 
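Review bot: The added `commons-io` entry under the `esapi` dependency removes ESAPI's transitive copy, but nothing in this hunk shows which commons-io version catalog-be resolves in its place. Since the commit is about vulnerable dependencies, confirm with `mvn dependency:tree -Dincludes=commons-io` that a patched version ends up on the classpath. A one-line comment next to the exclusion would record the intent, for example `<!-- commons-io excluded from esapi; version managed in <LOCATION> -->`. The XML markup is missing from this page, so reading these lines as exclusions is inferred.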
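Review bot: The jetty tarball fetched by the rewritten `RUN wget` line is unpacked without any integrity check, so the image trusts whatever the download returns. Pin the expected digest for the selected `${jetty-distribution.version}` and verify it before the `tar` step, for example by inserting `echo "<EXPECTED_SHA256>  $JETTY_FOLDER/jetty.tar.gz" | sha256sum -c - && \` between the `wget` and `tar` lines (assuming the base image provides `sha256sum`). The same line is changed in catalog-fe/sdc-frontend/Dockerfile, openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile and utils/webseal-simulator/sdc-simulator/Dockerfile, and the point applies there too.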
@@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER USER onap #Download jetty -RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ +RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \ rm -rf $JETTY_FOLDER/jetty.tar.gz RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml diff --git a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml index 02d96fdbb7..f72b77655f 100755 --- a/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml +++ b/common/onap-common-configuration-management/onap-configuration-management-core/pom.xml @@ -89,7 +89,7 @@ io.github.classgraph classgraph - 4.8.112 + 4.8.137 com.virtlink.commons diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index 31abb03d84..a2d03a5815 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -333,8 +333,12 @@ limitations under the License. test - log4j log4j + log4j + + + org.owasp.esapi + esapi diff --git a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile index 012ebeec52..aa9929c2c4 100644 --- a/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile +++ b/openecomp-be/dist/sdc-onboard-backend-docker/artifacts/Dockerfile 
@@ -27,7 +27,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER USER onap #Download jetty -RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ +RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \ rm -rf $JETTY_FOLDER/jetty.tar.gz RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml diff --git a/pom.xml b/pom.xml index 57affb7922..72d407de72 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ Modifications copyright (c) 2018-2019 Nokia 3.10 30.1-jre 0.3.3 - 5.3.9 + 5.3.13 2.34 4.1.68.Final 4.0.1 @@ -74,7 +74,8 @@ Modifications copyright (c) 2018-2019 Nokia 2.0.1.Final ${servlet-api.version} - 9.4.41.v20210516 + 9.4.45.v20220203 + 9.4.45.v20220203 3.4.4 2.2.0.0 @@ -100,7 +101,7 @@ Modifications copyright (c) 2018-2019 Nokia - 1.2.7 + 1.2.10 1.7.25 1.15 1.2 diff --git a/utils/webseal-simulator/sdc-simulator/Dockerfile b/utils/webseal-simulator/sdc-simulator/Dockerfile index 7406cda9f3..6497ff810f 100644 --- a/utils/webseal-simulator/sdc-simulator/Dockerfile +++ b/utils/webseal-simulator/sdc-simulator/Dockerfile 
@@ -26,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER USER onap #Download jetty -RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty.version}/jetty-distribution-${jetty.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ +RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \ tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \ rm -rf $JETTY_FOLDER/jetty.tar.gz RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml -- 2.16.6