security issue: commons-collections

Change-Id: I74a56640065ae6c6a470835ab1022ed0f266fc09
Issue-ID: APPC-665
Signed-off-by: Taka Cho <tc012c@att.com>

diff --git a/appc-client/pom.xml b/appc-client/pom.xml
index 2b3dc11..e90f29b 100644 (file)
--- a/appc-client/pom.xml
+++ b/appc-client/pom.xml
@@ -223,7 +223,6 @@
                 <artifactId>mockito-core</artifactId>\r
                 <scope>test</scope>\r
             </dependency>\r
-\r
         </dependencies>\r
     </dependencyManagement>\r
 \r

diff --git a/appc-config/appc-config-generator/provider/pom.xml b/appc-config/appc-config-generator/provider/pom.xml
index 910ac6d..50a0166 100644 (file)
--- a/appc-config/appc-config-generator/provider/pom.xml
+++ b/appc-config/appc-config-generator/provider/pom.xml
@@ -73,7 +73,18 @@
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
-        </dependency>
+            <exclusions>
+                 <exclusion>
+                       <artifactId>commons-collections</artifactId>
+                       <groupId>commons-collections</groupId>
+                  </exclusion>
+            </exclusions>
+         </dependency>
+         <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>3.2.2</version>
+          </dependency>
 
         <dependency>
             <groupId>com.att.eelf</groupId>

diff --git a/appc-config/appc-data-services/features/src/main/resources/features.xml b/appc-config/appc-data-services/features/src/main/resources/features.xml
index 6bc7cc9..7d58abb 100644 (file)
--- a/appc-config/appc-data-services/features/src/main/resources/features.xml
+++ b/appc-config/appc-data-services/features/src/main/resources/features.xml
@@ -37,7 +37,7 @@
                
                <bundle>mvn:commons-lang/commons-lang/2.6</bundle>
                
-               <bundle>mvn:commons-collections/commons-collections/3.2.1</bundle>
+               <bundle>mvn:commons-collections/commons-collections/3.2.2</bundle>
 
                <bundle>wrap:mvn:com.att.eelf/eelf-core/${eelf.version}</bundle>
                <bundle>mvn:ch.qos.logback/logback-core/${logback.version}</bundle>

diff --git a/appc-directed-graph/appc-dgraph/provider/pom.xml b/appc-directed-graph/appc-dgraph/provider/pom.xml
index 57f905a..0c34f03 100644 (file)
--- a/appc-directed-graph/appc-dgraph/provider/pom.xml
+++ b/appc-directed-graph/appc-dgraph/provider/pom.xml
@@ -79,6 +79,17 @@
             <artifactId>velocity</artifactId>
             <version>1.7</version>
             <scope>test</scope>
+            <exclusions>
+                 <exclusion>
+                      <artifactId>commons-collections</artifactId>
+                      <groupId>commons-collections</groupId>
+                 </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
         </dependency>
 
         <dependency>

diff --git a/appc-directed-graph/dg-loader/pom.xml b/appc-directed-graph/dg-loader/pom.xml
index 9ad7c76..26c459e 100644 (file)
--- a/appc-directed-graph/dg-loader/pom.xml
+++ b/appc-directed-graph/dg-loader/pom.xml
@@ -46,7 +46,7 @@
         <java.version.source>1.8</java.version.source>
         <java.version.target>1.8</java.version.target>
         <logback.version>1.2.3</logback.version>
-        <common.collections.version>3.2.1</common.collections.version>
+        <commons.collections.version>3.2.2</commons.collections.version>
         <common.io.version>2.5</common.io.version>
         <jettison.version>1.3.7</jettison.version>
         <licenseDir>${project.parent.parent.basedir}</licenseDir>

diff --git a/appc-directed-graph/pom.xml b/appc-directed-graph/pom.xml
index 567e6e8..ec0aaec 100644 (file)
--- a/appc-directed-graph/pom.xml
+++ b/appc-directed-graph/pom.xml
@@ -43,7 +43,7 @@
         <snakeyaml.version>1.12</snakeyaml.version>
         <velocity.version>1.7</velocity.version>
         <jettison.version>1.3.7</jettison.version>
-        <common.collections.version>3.2.1</common.collections.version>
+        <commons.collections.version>3.2.2</commons.collections.version>
         <common.io.version>2.5</common.io.version>
         <tosca.datatype.version>1.1.0</tosca.datatype.version>
         <licenseDir>${project.parent.basedir}</licenseDir>
@@ -92,6 +92,17 @@
                 <groupId>org.apache.velocity</groupId>
                 <artifactId>velocity</artifactId>
                 <version>${velocity.version}</version>
+                <exclusions>
+                     <exclusion>
+                          <artifactId>commons-collections</artifactId>
+                          <groupId>commons-collections</groupId>
+                     </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>{commons.collections.version}</version>
             </dependency>
             <dependency>
                 <groupId>commons-io</groupId>

diff --git a/appc-inbound/appc-design-services/provider/pom.xml b/appc-inbound/appc-design-services/provider/pom.xml
index da027a5..b72f290 100755 (executable)
--- a/appc-inbound/appc-design-services/provider/pom.xml
+++ b/appc-inbound/appc-design-services/provider/pom.xml
@@ -157,6 +157,17 @@
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
             <version>1.7</version>
+            <exclusions>
+                  <exclusion>
+                        <artifactId>commons-collections</artifactId>
+                        <groupId>commons-collections</groupId>
+                  </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>

diff --git a/appc-inbound/appc-interfaces-service/bundle/pom.xml b/appc-inbound/appc-interfaces-service/bundle/pom.xml
index 9976002..8a4586e 100644 (file)
--- a/appc-inbound/appc-interfaces-service/bundle/pom.xml
+++ b/appc-inbound/appc-interfaces-service/bundle/pom.xml
@@ -141,6 +141,17 @@
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
             <version>1.7</version>
+            <exclusions>
+                 <exclusion>
+                      <artifactId>commons-collections</artifactId>
+                      <groupId>commons-collections</groupId>
+                 </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>

diff --git a/appc-inbound/pom.xml b/appc-inbound/pom.xml
index 4517fa0..d6373ac 100755 (executable)
--- a/appc-inbound/pom.xml
+++ b/appc-inbound/pom.xml
@@ -37,7 +37,7 @@
         <snakeyaml.version>1.12</snakeyaml.version>
         <velocity.version>1.7</velocity.version>
         <jettison.version>1.3.7</jettison.version>
-        <common.collections.version>3.2.1</common.collections.version>
+        <commons.collections.version>3.2.2</commons.collections.version>
         <common.io.version>2.5</common.io.version>
         <tosca.datatype.version>1.1.0</tosca.datatype.version> 
     </properties>

diff --git a/appc-outbound/appc-network-inventory-client/pom.xml b/appc-outbound/appc-network-inventory-client/pom.xml
index 9007882..0dd2923 100755 (executable)
--- a/appc-outbound/appc-network-inventory-client/pom.xml
+++ b/appc-outbound/appc-network-inventory-client/pom.xml
@@ -37,7 +37,7 @@
        <properties>
                <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                <logback.version>1.2.3</logback.version>
-               <common.collections.version>3.2.1</common.collections.version>
+               <common.collections.version>3.2.2</common.collections.version>
                <common.io.version>2.5</common.io.version>
                <jettison.version>1.3.7</jettison.version>
                <velocity.version>1.7</velocity.version>

diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml b/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
index 2e61b70..b595252 100644 (file)
--- a/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
+++ b/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
@@ -150,9 +150,19 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
                        <groupId>org.apache.velocity</groupId>
                        <artifactId>velocity</artifactId>
                        <version>1.7</version>
-               </dependency>
-
-               <dependency>
+                        <exclusions>
+                             <exclusion>
+                                  <artifactId>commons-collections</artifactId>
+                                  <groupId>commons-collections</groupId>
+                             </exclusion>
+                        </exclusions>
+                 </dependency>
+                 <dependency>
+                     <groupId>commons-collections</groupId>
+                     <artifactId>commons-collections</artifactId>
+                     <version>3.2.2</version>
+                 </dependency>
+                <dependency>
                        <groupId>org.opendaylight.yangtools</groupId>
                        <artifactId>yang-parser-impl</artifactId>
                        <version>${odl.yangtools.version}</version>

diff --git a/appc-sdc-listener/appc-yang-generator/pom.xml b/appc-sdc-listener/appc-yang-generator/pom.xml
index 413698f..0c45afb 100644 (file)
--- a/appc-sdc-listener/appc-yang-generator/pom.xml
+++ b/appc-sdc-listener/appc-yang-generator/pom.xml
@@ -48,6 +48,17 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
             <version>1.7</version>
+            <exclusions>
+                 <exclusion>
+                      <artifactId>commons-collections</artifactId>
+                      <groupId>commons-collections</groupId>
+                 </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
         </dependency>
         <dependency>
             <groupId>org.opendaylight.yangtools</groupId>
@@ -94,4 +105,4 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
         </plugins>
     </build>
 
-</project>
\ No newline at end of file
+</project>