Code Review / aai / gizmo.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 92927f8)
Address critical security issues 57/45657/1
authorRavi Geda <gravik@amdocs.com>
Wed, 2 May 2018 14:26:46 +0000 (15:26 +0100)
committerRavi Geda <gravik@amdocs.com>
Wed, 2 May 2018 14:26:46 +0000 (15:26 +0100)
Address security vulnerabilities identified by Nexus IQ

Change-Id: I0a795bb0c0e8a53438b83e8aadce72a316163cc4
Issue-ID: AAI-1116
Signed-off-by: Ravi Geda <gravik@amdocs.com>
pom.xml patch | blob | history

diff --git a/pom.xml b/pom.xml
index 636f422..cdee8e9 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -77,6 +77,12 @@ limitations under the License.
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
+            <exclusions>
+               <exclusion>
+                       <groupId>ch.qos.logback</groupId>
+                       <artifactId>logback-classic</artifactId>
+               </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -91,6 +97,22 @@ limitations under the License.
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>3.2.4</version>
         </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>1.2.3</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency> 
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
@@ -104,7 +126,7 @@ limitations under the License.
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-mapper-asl</artifactId>
-            <version>1.9.13</version>
+            <version>1.4.5</version>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
@@ -267,7 +289,7 @@ limitations under the License.
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5</version>
+            <version>4.5.3</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>