fixing common-collection 3.2.1 security issue

changed pom.xml and features.xml to keep common-collection to 3.2.2

Change-Id: I3ccd44d61f2e58edae9de6d7042cdb752bbd73cb
Issue-ID: APPC-1018
Signed-off-by: Taka Cho <tc012c@att.com>

diff --git a/appc-adapters/appc-chef-adapter/appc-chef-adapter-features/features-appc-chef-adapter/pom.xml b/appc-adapters/appc-chef-adapter/appc-chef-adapter-features/features-appc-chef-adapter/pom.xml
index 5bbdf69..7b7d4d3 100644 (file)
--- a/appc-adapters/appc-chef-adapter/appc-chef-adapter-features/features-appc-chef-adapter/pom.xml
+++ b/appc-adapters/appc-chef-adapter/appc-chef-adapter-features/features-appc-chef-adapter/pom.xml
@@ -43,6 +43,10 @@ limitations under the License.
             <type>xml</type>
             <classifier>features</classifier>
         </dependency>
-
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.60</version>
+        </dependency>
     </dependencies>
 </project>

diff --git a/appc-config/appc-config-params/features/src/main/resources/features.xml b/appc-config/appc-config-params/features/src/main/resources/features.xml
index 0e817c3..757a1fc 100644 (file)
--- a/appc-config/appc-config-params/features/src/main/resources/features.xml
+++ b/appc-config/appc-config-params/features/src/main/resources/features.xml
@@ -36,7 +36,7 @@
                <feature>ccsdk-sli</feature>
                
                <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
-               <bundle>mvn:commons-collections/commons-collections/${common.collections.version}</bundle>
+               <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle>
                
                <!-- <bundle>wrap:mvn:org.onap.appc/appc-yang-generator/${project.version}</bundle> -->
                <bundle>wrap:mvn:org.openecomp.sdc.common/openecomp-tosca-datatype/${tosca.datatype.version}</bundle>

diff --git a/appc-config/appc-encryption-tool/features/src/main/resources/features.xml b/appc-config/appc-encryption-tool/features/src/main/resources/features.xml
index b465669..a88ef3e 100644 (file)
--- a/appc-config/appc-encryption-tool/features/src/main/resources/features.xml
+++ b/appc-config/appc-encryption-tool/features/src/main/resources/features.xml
@@ -37,7 +37,7 @@
 
         <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
         <bundle>mvn:org.apache.velocity/velocity/${velocity.version}</bundle>
-        <bundle>mvn:commons-collections/commons-collections/${common.collections.version}</bundle>
+        <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle>
         <bundle>mvn:org.onap.appc/appc-config-encryption-tool-provider/${project.version}</bundle>
     </feature>
 </features>

diff --git a/appc-config/appc-flow-controller/features/src/main/resources/features.xml b/appc-config/appc-flow-controller/features/src/main/resources/features.xml
index 2ab6ba2..424abd8 100644 (file)
--- a/appc-config/appc-flow-controller/features/src/main/resources/features.xml
+++ b/appc-config/appc-flow-controller/features/src/main/resources/features.xml
@@ -33,7 +33,7 @@
                <feature>ccsdk-sli</feature>
                
                <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
-               <bundle>mvn:commons-collections/commons-collections/${common.collections.version}</bundle>
+               <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle>
                
                <bundle>mvn:org.onap.appc/appc-config-flow-controller-provider/${project.version}</bundle>
        </feature>

diff --git a/appc-config/pom.xml b/appc-config/pom.xml
index a70a355..0c8165c 100644 (file)
--- a/appc-config/pom.xml
+++ b/appc-config/pom.xml
@@ -38,7 +38,7 @@
         <snakeyaml.version>1.12</snakeyaml.version>
         <velocity.version>1.7</velocity.version>
         <jettison.version>1.3.7</jettison.version>
-        <common.collections.version>3.2.1</common.collections.version>
+        <common.collections.version>3.2.2</common.collections.version>
         <common.io.version>2.5</common.io.version>
 
         <tosca.datatype.version>1.1.0</tosca.datatype.version>

diff --git a/appc-outbound/appc-aai-client/features/src/main/resources/features.xml b/appc-outbound/appc-aai-client/features/src/main/resources/features.xml
index 1043da2..6a8826d 100644 (file)
--- a/appc-outbound/appc-aai-client/features/src/main/resources/features.xml
+++ b/appc-outbound/appc-aai-client/features/src/main/resources/features.xml
@@ -39,7 +39,7 @@
                <feature>ccsdk-aai-service</feature>
                <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
                <!-- <bundle>mvn:org.apache.velocity/velocity/${velocity.version}</bundle> -->
-               <bundle>mvn:commons-collections/commons-collections/3.2.1</bundle> 
+               <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle> 
                <bundle>mvn:org.onap.appc/appc-aai-client-provider/${project.version}</bundle>
        </feature>
 </features>

diff --git a/appc-outbound/appc-network-inventory-client/features/src/main/resources/features.xml b/appc-outbound/appc-network-inventory-client/features/src/main/resources/features.xml
index 276a275..0effc0d 100644 (file)
--- a/appc-outbound/appc-network-inventory-client/features/src/main/resources/features.xml
+++ b/appc-outbound/appc-network-inventory-client/features/src/main/resources/features.xml
@@ -36,7 +36,7 @@
                <feature>ccsdk-sli</feature>
                
                <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
-               <bundle>mvn:commons-collections/commons-collections/${common.collections.version}</bundle>              
+               <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle>              
                <bundle>wrap:mvn:com.att.eelf/eelf-core/${eelf.version}</bundle>
                <bundle>mvn:com.sun.jersey/jersey-client/1.17</bundle>
                <bundle>mvn:ch.qos.logback/logback-core/${logback.version}</bundle>

diff --git a/appc-parent/single-feature-parent/pom.xml b/appc-parent/single-feature-parent/pom.xml
index fb3a344..ee2c582 100644 (file)
--- a/appc-parent/single-feature-parent/pom.xml
+++ b/appc-parent/single-feature-parent/pom.xml
@@ -37,7 +37,7 @@ limitations under the License.
     
     <properties>
         <skip.karaf.featureTest>true</skip.karaf.featureTest>
-        <commons.collections.version>3.2.1</commons.collections.version>
+        <commons.collections.version>3.2.2</commons.collections.version>
         <snakeyaml.version>1.12</snakeyaml.version>
         <tosca.datatype.version>1.1.0</tosca.datatype.version>
         <velocity.version>1.7</velocity.version>

diff --git a/appc-sequence-generator/appc-sequence-generator-bundle/pom.xml b/appc-sequence-generator/appc-sequence-generator-bundle/pom.xml
index 77390a0..91bb687 100644 (file)
--- a/appc-sequence-generator/appc-sequence-generator-bundle/pom.xml
+++ b/appc-sequence-generator/appc-sequence-generator-bundle/pom.xml
@@ -200,7 +200,18 @@
            <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
            <version>1.7</version>
-           </dependency>
+            <exclusions>
+                 <exclusion>
+                      <artifactId>commons-collections</artifactId>
+                      <groupId>commons-collections</groupId>
+                 </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
+        </dependency>
          <dependency>
             <groupId>org.onap.ccsdk.sli.adaptors</groupId>
             <artifactId>sql-resource-provider</artifactId>