Fix for NexusIQ security vunerabilities

Update and exclude dependencies causing security vunerabilities

Issue-ID: AAI-1614

Change-Id: I301c270f739e1fa97cb63794f5519bceb086f747
Signed-off-by: Michael Reece <michaere@amdocs.com>

diff --git a/champ-lib/champ-core/pom.xml b/champ-lib/champ-core/pom.xml
index 4ce3d5f..38318b0 100644 (file)
--- a/champ-lib/champ-core/pom.xml
+++ b/champ-lib/champ-core/pom.xml
@@ -44,11 +44,6 @@ limitations under the License.
             <groupId>org.onap.aai.event-client</groupId>
             <artifactId>event-client-dmaap</artifactId>
         </dependency>
-
-        <dependency>
-            <groupId>org.onap.aai.event-client</groupId>
-            <artifactId>event-client-kafka</artifactId>
-        </dependency>
         <!-- Event Bus Library - END -->
 
         <dependency>
@@ -103,6 +98,26 @@ limitations under the License.
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-yarn-common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-mapreduce-client-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-compress</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-httpclient</groupId>
+                    <artifactId>commons-compress</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

diff --git a/champ-lib/champ-titan/pom.xml b/champ-lib/champ-titan/pom.xml
index 80ca481..e83ff7c 100644 (file)
--- a/champ-lib/champ-titan/pom.xml
+++ b/champ-lib/champ-titan/pom.xml
@@ -83,6 +83,14 @@ limitations under the License.
                     <groupId>org.apache.httpcomponents</groupId>
                     <artifactId>httpclient</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mindrot</groupId>
+                    <artifactId>jbcrypt</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

diff --git a/champ-service-deps-janus/pom.xml b/champ-service-deps-janus/pom.xml
index 53c513d..92a74f1 100644 (file)
--- a/champ-service-deps-janus/pom.xml
+++ b/champ-service-deps-janus/pom.xml
@@ -191,6 +191,10 @@ limitations under the License.
                     <groupId>net.jpountz.lz4</groupId>
                     <artifactId>lz4</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

diff --git a/champ-service-deps-titan/pom.xml b/champ-service-deps-titan/pom.xml
index 0ed7581..35be53e 100644 (file)
--- a/champ-service-deps-titan/pom.xml
+++ b/champ-service-deps-titan/pom.xml
@@ -222,6 +222,14 @@ limitations under the License.
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mindrot</groupId>
+                    <artifactId>jbcrypt</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

diff --git a/champ-service/pom.xml b/champ-service/pom.xml
index 92d8a36..6a31fb4 100644 (file)
--- a/champ-service/pom.xml
+++ b/champ-service/pom.xml
@@ -39,7 +39,6 @@ limitations under the License.
         <common.logging.groupid>org.onap.aai.logging-service</common.logging.groupid>
         <common.logging.version>1.2.2</common.logging.version>
 
-        <version.com.google.guava>18.0</version.com.google.guava>
         <version.org.apache.commons.commons-lang3>3.7</version.org.apache.commons.commons-lang3>
         <version.org.hamcrest.hamcrest-library>1.3</version.org.hamcrest.hamcrest-library>
         <version.org.springframework.boot.spring-boot-dependencies>1.5.15.RELEASE</version.org.springframework.boot.spring-boot-dependencies>
@@ -123,7 +122,6 @@ limitations under the License.
          <dependency>
           <groupId>com.google.guava</groupId>
           <artifactId>guava</artifactId>
-          <version>${version.com.google.guava}</version>
         </dependency>
 
         <dependency>

diff --git a/pom.xml b/pom.xml
index 0cb6c58..aa31861 100755 (executable)
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
     <parent>
         <groupId>org.onap.oparent</groupId>
         <artifactId>oparent</artifactId>
-        <version>1.1.0</version>
+        <version>1.2.0</version>
     </parent>
 
     <groupId>org.onap.aai</groupId>