Fix the security issue of esr server.

Fix the security issue CVE-2016-3720 and CVE-2017-17485

Change-Id: I3f7d0c4fb841d72e2b463091a5c4b5e5e81f0611
Issue-ID: AAI-592
Signed-off-by: LiZi <li.zi30@zte.com.cn>

diff --git a/esr-mgr/pom.xml b/esr-mgr/pom.xml
index 58d7932..33a0c1c 100644 (file)
--- a/esr-mgr/pom.xml
+++ b/esr-mgr/pom.xml
@@ -141,11 +141,23 @@
         <dependency>
             <groupId>io.swagger</groupId>
             <artifactId>swagger-jersey2-jaxrs</artifactId>
+                       <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.dataformat</groupId>
+                                       <artifactId>jackson-dataformat-xml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-databind</artifactId>
                        <version>2.9.4</version>
+                       <exclusions>
+                <exclusion>
+                    <groupId>com.github.roskart.dropwizard-jaxws</groupId>
+                                       <artifactId>dropwizard-jaxws</artifactId>
+                </exclusion>
+            </exclusions>
                </dependency>
         <!-- jersey -->
         <dependency>