Code Review / aai / champ.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 42480c2)
Address security vulnerabilities (fix 2) 95/46195/1
authorMichael Arrastia <MArrasti@amdocs.com>
Fri, 4 May 2018 11:35:16 +0000 (12:35 +0100)
committerMichael Arrastia <MArrasti@amdocs.com>
Fri, 4 May 2018 11:35:16 +0000 (12:35 +0100)
Fixes previously missed dependencies:
- jackson-databind: version 2.8.11.1
- httpclient: version 4.5.3
- jackson-mapper: version 1.9.2

Change-Id: Iae2013bf164a90e910ec1d2cd4ad1185a01bacad
Issue-ID: AAI-1117
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
champ-lib/champ-core/pom.xml patch | blob | history
champ-service-deps-titan/pom.xml patch | blob | history
champ-service/pom.xml patch | blob | history
pom.xml patch | blob | history

diff --git a/champ-lib/champ-core/pom.xml b/champ-lib/champ-core/pom.xml
index ee65310..459a1f3 100644 (file)
--- a/champ-lib/champ-core/pom.xml
+++ b/champ-lib/champ-core/pom.xml
@@ -53,13 +53,11 @@ limitations under the License.
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy</artifactId>
-            <version>2.4.12</version>
         </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.5.3</version>
         </dependency>
 
         <dependency>
diff --git a/champ-service-deps-titan/pom.xml b/champ-service-deps-titan/pom.xml
index a67af1e..749425c 100644 (file)
--- a/champ-service-deps-titan/pom.xml
+++ b/champ-service-deps-titan/pom.xml
@@ -141,6 +141,10 @@ limitations under the License.
                     <groupId>org.apache.httpcomponents</groupId>
                     <artifactId>httpcore</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-service/pom.xml b/champ-service/pom.xml
index 2738dc5..b5294e3 100644 (file)
--- a/champ-service/pom.xml
+++ b/champ-service/pom.xml
@@ -55,6 +55,18 @@ limitations under the License.
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient-cache</artifactId>
+                <version>4.5.3</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -201,28 +213,6 @@ limitations under the License.
             <groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId>
             <artifactId>dmaapClient</artifactId>
             <version>1.1.5</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient-cache</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.3</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient-cache</artifactId>
-            <version>4.5.3</version>
         </dependency>
     </dependencies>
 
diff --git a/pom.xml b/pom.xml
index e829737..0b302ab 100755 (executable)
--- a/pom.xml
+++ b/pom.xml
@@ -125,6 +125,30 @@ limitations under the License.
                 <artifactId>jackson-core</artifactId>
                 <version>2.8.11</version>
             </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.8.11.1</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient-cache</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.codehaus.groovy</groupId>
+                <artifactId>groovy</artifactId>
+                <version>2.4.15</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>