From aa6f9acfc15b8836bc4b50bd6bdfa1b06c49d321 Mon Sep 17 00:00:00 2001
From: Michael Reece <michaere@amdocs.com>
Date: Mon, 17 Sep 2018 20:06:37 +0100
Subject: [PATCH] Fix for NexusIQ security vunerabilities

Update and exclude dependencies causing security vunerabilities

Issue-ID: AAI-1614

Change-Id: I301c270f739e1fa97cb63794f5519bceb086f747
Signed-off-by: Michael Reece <michaere@amdocs.com>
---
 champ-lib/champ-core/pom.xml     | 25 ++++++++++++++++++++-----
 champ-lib/champ-titan/pom.xml    |  8 ++++++++
 champ-service-deps-janus/pom.xml |  4 ++++
 champ-service-deps-titan/pom.xml |  8 ++++++++
 champ-service/pom.xml            |  2 --
 pom.xml                          |  2 +-
 6 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/champ-lib/champ-core/pom.xml b/champ-lib/champ-core/pom.xml
index 4ce3d5f..38318b0 100644
--- a/champ-lib/champ-core/pom.xml
+++ b/champ-lib/champ-core/pom.xml
@@ -44,11 +44,6 @@ limitations under the License.
             <groupId>org.onap.aai.event-client</groupId>
             <artifactId>event-client-dmaap</artifactId>
         </dependency>
-
-        <dependency>
-            <groupId>org.onap.aai.event-client</groupId>
-            <artifactId>event-client-kafka</artifactId>
-        </dependency>
         <!-- Event Bus Library - END -->
 
         <dependency>
@@ -103,6 +98,26 @@ limitations under the License.
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-yarn-common</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-mapreduce-client-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-compress</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-httpclient</groupId>
+                    <artifactId>commons-compress</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-lib/champ-titan/pom.xml b/champ-lib/champ-titan/pom.xml
index 80ca481..e83ff7c 100644
--- a/champ-lib/champ-titan/pom.xml
+++ b/champ-lib/champ-titan/pom.xml
@@ -83,6 +83,14 @@ limitations under the License.
                     <groupId>org.apache.httpcomponents</groupId>
                     <artifactId>httpclient</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mindrot</groupId>
+                    <artifactId>jbcrypt</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-service-deps-janus/pom.xml b/champ-service-deps-janus/pom.xml
index 53c513d..92a74f1 100644
--- a/champ-service-deps-janus/pom.xml
+++ b/champ-service-deps-janus/pom.xml
@@ -191,6 +191,10 @@ limitations under the License.
                     <groupId>net.jpountz.lz4</groupId>
                     <artifactId>lz4</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-service-deps-titan/pom.xml b/champ-service-deps-titan/pom.xml
index 0ed7581..35be53e 100644
--- a/champ-service-deps-titan/pom.xml
+++ b/champ-service-deps-titan/pom.xml
@@ -222,6 +222,14 @@ limitations under the License.
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mindrot</groupId>
+                    <artifactId>jbcrypt</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/champ-service/pom.xml b/champ-service/pom.xml
index 92d8a36..6a31fb4 100644
--- a/champ-service/pom.xml
+++ b/champ-service/pom.xml
@@ -39,7 +39,6 @@ limitations under the License.
         <common.logging.groupid>org.onap.aai.logging-service</common.logging.groupid>
         <common.logging.version>1.2.2</common.logging.version>
 
-        <version.com.google.guava>18.0</version.com.google.guava>
         <version.org.apache.commons.commons-lang3>3.7</version.org.apache.commons.commons-lang3>
         <version.org.hamcrest.hamcrest-library>1.3</version.org.hamcrest.hamcrest-library>
         <version.org.springframework.boot.spring-boot-dependencies>1.5.15.RELEASE</version.org.springframework.boot.spring-boot-dependencies>
@@ -123,7 +122,6 @@ limitations under the License.
          <dependency>
           <groupId>com.google.guava</groupId>
           <artifactId>guava</artifactId>
-          <version>${version.com.google.guava}</version>
         </dependency>
 
         <dependency>
diff --git a/pom.xml b/pom.xml
index 0cb6c58..aa31861 100755
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
     <parent>
         <groupId>org.onap.oparent</groupId>
         <artifactId>oparent</artifactId>
-        <version>1.1.0</version>
+        <version>1.2.0</version>
     </parent>
 
     <groupId>org.onap.aai</groupId>
-- 
2.16.6