Replace Jackson Spring-Boot dependencies with GSON

Submodule: FProxy service

By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall
JSON. However, all current releases of Jackson contain security
vulnerabilities.

This change will configure Spring-Boot to use the GSON library instead
of Jackson, which contains no security vulnerabilities.

Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073
Issue-ID: AAF-693
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>

diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml
index 2608254..e0395b8 100644 (file)
--- a/sidecar/fproxy/pom.xml
+++ b/sidecar/fproxy/pom.xml
@@ -70,13 +70,22 @@
                                        <groupId>org.springframework.boot</groupId>
                                        <artifactId>spring-boot-starter-tomcat</artifactId>
                                </exclusion>
-                       </exclusions>                   
+                               <exclusion>
+                                       <groupId>org.springframework.boot</groupId>
+                                       <artifactId>spring-boot-starter-json</artifactId>
+                               </exclusion>
+                       </exclusions>
                </dependency>
 
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-test</artifactId>
                </dependency>
+
+               <dependency>
+                       <groupId>com.google.code.gson</groupId>
+                       <artifactId>gson</artifactId>
+               </dependency>
        </dependencies>
 
        <build>