From 7ac44deeadeca2a3f49643d2e5098deef1af8503 Mon Sep 17 00:00:00 2001
From: Michael Arrastia <MArrasti@amdocs.com>
Date: Fri, 4 May 2018 12:35:16 +0100
Subject: [PATCH] Address security vulnerabilities (fix 2)

Fixes previously missed dependencies:
- jackson-databind: version 2.8.11.1
- httpclient: version 4.5.3
- jackson-mapper: version 1.9.2

Change-Id: Iae2013bf164a90e910ec1d2cd4ad1185a01bacad
Issue-ID: AAI-1117
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
---
 champ-lib/champ-core/pom.xml     |  2 --
 champ-service-deps-titan/pom.xml |  4 ++++
 champ-service/pom.xml            | 34 ++++++++++++----------------------
 pom.xml                          | 24 ++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/champ-lib/champ-core/pom.xml b/champ-lib/champ-core/pom.xml
index ee65310..459a1f3 100644
--- a/champ-lib/champ-core/pom.xml
+++ b/champ-lib/champ-core/pom.xml
@@ -53,13 +53,11 @@ limitations under the License.
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy</artifactId>
-            <version>2.4.12</version>
         </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.5.3</version>
         </dependency>
 
         <dependency>
diff --git a/champ-service-deps-titan/pom.xml b/champ-service-deps-titan/pom.xml
index a67af1e..749425c 100644
--- a/champ-service-deps-titan/pom.xml
+++ b/champ-service-deps-titan/pom.xml
@@ -141,6 +141,10 @@ limitations under the License.
                     <groupId>org.apache.httpcomponents</groupId>
                     <artifactId>httpcore</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-service/pom.xml b/champ-service/pom.xml
index 2738dc5..b5294e3 100644
--- a/champ-service/pom.xml
+++ b/champ-service/pom.xml
@@ -55,6 +55,18 @@ limitations under the License.
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient-cache</artifactId>
+                <version>4.5.3</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -201,28 +213,6 @@ limitations under the License.
             <groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId>
             <artifactId>dmaapClient</artifactId>
             <version>1.1.5</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.apache.httpcomponents</groupId>
-                    <artifactId>httpclient-cache</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.3</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient-cache</artifactId>
-            <version>4.5.3</version>
         </dependency>
     </dependencies>
 
diff --git a/pom.xml b/pom.xml
index e829737..0b302ab 100755
--- a/pom.xml
+++ b/pom.xml
@@ -125,6 +125,30 @@ limitations under the License.
                 <artifactId>jackson-core</artifactId>
                 <version>2.8.11</version>
             </dependency>
+
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.8.11.1</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient-cache</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>4.5.3</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.codehaus.groovy</groupId>
+                <artifactId>groovy</artifactId>
+                <version>2.4.15</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
-- 
2.16.6