Fix SDK Vulnerabilities

Issue-ID: DCAEGEN2-3220
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
Change-Id: Ic7df50fd22900bc680f7fff01871625ce809b4b5

diff --git a/Changelog.md b/Changelog.md
index 3df29f3..31994d1 100644 (file)
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.8.10] - 2022/07/29
+### Added
+    - [DCAEGEN2-3220] (https://jira.onap.org/browse/DCAEGEN2-3220) - Fix SDK Vulnerability. Top up Spring-Boot version to 2.7.2
+
 ## [1.8.9] - 2022/07/15
 ### Added
     - [DCAEGEN2-3223] (https://jira.onap.org/browse/DCAEGEN2-3223) - Fix CBS client environment variable substitution fails for complex cases

diff --git a/pom.xml b/pom.xml
index 76a0fec..68b3720 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@ language governing permissions and limitations under the License.
 
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>sdk</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
 
     <name>dcaegen2-services-sdk</name>
     <description>Common SDK repo for all DCAE Services</description>
@@ -73,28 +73,29 @@ language governing permissions and limitations under the License.
 
     <properties>
         <java.version>11</java.version>
-        <junit-jupiter.version>5.7.0</junit-jupiter.version>
+        <junit-jupiter.version>5.9.0</junit-jupiter.version>
         <junit-vintage.version>5.7.0</junit-vintage.version>
         <junit-platform.version>1.3.1</junit-platform.version>
-        <immutables.version>2.7.5</immutables.version>
+        <immutables.version>2.9.0</immutables.version>
         <assertj-core.version>3.12.2</assertj-core.version>
         <reactor.bom.version>2020.0.1</reactor.bom.version>
         <slf4j.version>1.7.25</slf4j.version>
-        <logback.version>1.2.3</logback.version>
+        <logback.version>1.2.11</logback.version>
         <mockito.version>2.28.2</mockito.version>
-        <protobuf.version>3.6.1</protobuf.version>
+        <protobuf.version>3.21.1</protobuf.version>
         <vavr.version>0.10.2</vavr.version>
         <commons-text.version>1.6</commons-text.version>
         <jetbrains-annotations.version>16.0.3</jetbrains-annotations.version>
         <protoc-jar-maven-plugin.version>3.6.0.2</protoc-jar-maven-plugin.version>
         <testcontainers.version>1.15.1</testcontainers.version>
-        <spring.boot.version>2.5.9</spring.boot.version>
+        <spring.boot.version>2.7.2</spring.boot.version>
         <system.rules.version>1.17.2</system.rules.version>
         <openapi4j.version>1.0.3</openapi4j.version>
         <mockserver-client.version>5.11.2</mockserver-client.version>
         <sonar.coverage.jacoco.xmlReportPaths>
             ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
+        <revision>1.8.10-SNAPSHOT</revision>
     </properties>
 
     <modules>

diff --git a/rest-services/cbs-client/pom.xml b/rest-services/cbs-client/pom.xml
index e99fc44..d7c0753 100644 (file)
--- a/rest-services/cbs-client/pom.xml
+++ b/rest-services/cbs-client/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>

diff --git a/rest-services/dmaap-client/pom.xml b/rest-services/dmaap-client/pom.xml
index b439098..8123af3 100644 (file)
--- a/rest-services/dmaap-client/pom.xml
+++ b/rest-services/dmaap-client/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk</groupId>
     <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>

diff --git a/rest-services/http-client/pom.xml b/rest-services/http-client/pom.xml
index f182d63..4223de0 100644 (file)
--- a/rest-services/http-client/pom.xml
+++ b/rest-services/http-client/pom.xml
@@ -28,7 +28,7 @@
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
@@ -78,6 +78,11 @@
             <artifactId>junit-jupiter-params</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>

diff --git a/rest-services/model/pom.xml b/rest-services/model/pom.xml
index 4a6dbe1..0b47431 100644 (file)
--- a/rest-services/model/pom.xml
+++ b/rest-services/model/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>dcaegen2-services-sdk-rest-services</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>

diff --git a/rest-services/pom.xml b/rest-services/pom.xml
index 5d3be93..cf79b9b 100644 (file)
--- a/rest-services/pom.xml
+++ b/rest-services/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>sdk</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.sdk</groupId>
@@ -36,4 +36,8 @@ language governing permissions and limitations under the License.
     <module>cbs-client</module>
     <module>dmaap-client</module>
   </modules>
+
+  <properties>
+    <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+  </properties>
 </project>

diff --git a/security/crypt-password/pom.xml b/security/crypt-password/pom.xml
index 5a8795e..4b47939 100644 (file)
--- a/security/crypt-password/pom.xml
+++ b/security/crypt-password/pom.xml
@@ -19,7 +19,7 @@ language governing permissions and limitations under the License.
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
         <artifactId>dcaegen2-services-sdk-security</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

diff --git a/security/pom.xml b/security/pom.xml
index 37a3f02..cfc2da9 100644 (file)
--- a/security/pom.xml
+++ b/security/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>sdk</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
@@ -35,4 +35,8 @@ language governing permissions and limitations under the License.
     <module>ssl</module>
   </modules>
 
+  <properties>
+    <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+  </properties>
+
 </project>

diff --git a/security/ssl/pom.xml b/security/ssl/pom.xml
index 389c1aa..bb2c71e 100644 (file)
--- a/security/ssl/pom.xml
+++ b/security/ssl/pom.xml
@@ -19,7 +19,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
     <artifactId>dcaegen2-services-sdk-security</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <artifactId>ssl</artifactId>

diff --git a/services/common/pom.xml b/services/common/pom.xml
index bb97d64..bee6427 100644 (file)
--- a/services/common/pom.xml
+++ b/services/common/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>dcaegen2-services-sdk-services</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <artifactId>dcaegen2-services-sdk-services-common</artifactId>

diff --git a/services/external-schema-manager/pom.xml b/services/external-schema-manager/pom.xml
index b8ad818..c958791 100644 (file)
--- a/services/external-schema-manager/pom.xml
+++ b/services/external-schema-manager/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>dcaegen2-services-sdk-services</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <artifactId>dcaegen2-services-sdk-services-external-schema-manager</artifactId>

diff --git a/services/hv-ves-client/pom.xml b/services/hv-ves-client/pom.xml
index 5ade0cb..cfe89c2 100644 (file)
--- a/services/hv-ves-client/pom.xml
+++ b/services/hv-ves-client/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk</groupId>
     <artifactId>dcaegen2-services-sdk-services</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>

diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml
index 0c88b3f..cf39094 100644 (file)
--- a/services/hv-ves-client/producer/api/pom.xml
+++ b/services/hv-ves-client/producer/api/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>hvvesclient-producer</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <artifactId>hvvesclient-producer-api</artifactId>

diff --git a/services/hv-ves-client/producer/ct/pom.xml b/services/hv-ves-client/producer/ct/pom.xml
index 6e46045..edf1805 100644 (file)
--- a/services/hv-ves-client/producer/ct/pom.xml
+++ b/services/hv-ves-client/producer/ct/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
         <artifactId>hvvesclient-producer</artifactId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <artifactId>hvvesclient-producer-ct</artifactId>

diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml
index 21bd7fa..46ff06d 100644 (file)
--- a/services/hv-ves-client/producer/impl/pom.xml
+++ b/services/hv-ves-client/producer/impl/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk</groupId>
     <artifactId>hvvesclient-producer</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <artifactId>hvvesclient-producer-impl</artifactId>

diff --git a/services/hv-ves-client/producer/pom.xml b/services/hv-ves-client/producer/pom.xml
index 4b06d68..b3c2841 100644 (file)
--- a/services/hv-ves-client/producer/pom.xml
+++ b/services/hv-ves-client/producer/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk</groupId>
     <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <artifactId>hvvesclient-producer</artifactId>

diff --git a/services/hv-ves-client/protobuf/pom.xml b/services/hv-ves-client/protobuf/pom.xml
index 36f4838..b3d535a 100644 (file)
--- a/services/hv-ves-client/protobuf/pom.xml
+++ b/services/hv-ves-client/protobuf/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <artifactId>dcaegen2-services-sdk-services-hvvesclient</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>High Volume VES Collector Client :: Protobuf</name>
@@ -38,6 +38,13 @@
         </protobuf-generated-files.directory>
     </properties>
 
+    <dependencies>
+        <dependency>
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java</artifactId>
+        </dependency>
+    </dependencies>
+
     <build>
         <plugins>
             <plugin>
@@ -63,6 +70,7 @@
                 <artifactId>protoc-jar-maven-plugin</artifactId>
                 <executions>
                     <execution>
+                        <id>generate-sources</id>
                         <phase>generate-sources</phase>
                         <goals>
                             <goal>run</goal>
@@ -86,11 +94,4 @@
         </plugins>
     </build>
 
-    <dependencies>
-        <dependency>
-            <groupId>com.google.protobuf</groupId>
-            <artifactId>protobuf-java</artifactId>
-        </dependency>
-    </dependencies>
-
 </project>

diff --git a/services/pom.xml b/services/pom.xml
index 3aaf196..7ddb0cc 100644 (file)
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>sdk</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.sdk</groupId>
@@ -40,4 +40,8 @@
     <module>hv-ves-client</module>
     <module>external-schema-manager</module>
   </modules>
+
+  <properties>
+    <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+  </properties>
 </project>

diff --git a/standardization/api-custom-header/pom.xml b/standardization/api-custom-header/pom.xml
index a2cf661..4f58163 100644 (file)
--- a/standardization/api-custom-header/pom.xml
+++ b/standardization/api-custom-header/pom.xml
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services.sdk</groupId>
     <artifactId>dcaegen2-services-sdk-standardization</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
     <relativePath>..</relativePath>
   </parent>
   
@@ -42,7 +42,6 @@ language governing permissions and limitations under the License.
     <dependency>
        <groupId>com.google.code.gson</groupId>
        <artifactId>gson</artifactId>
-       <version>2.8.5</version>
     </dependency>
     <dependency>
       <groupId>org.jetbrains</groupId>

diff --git a/standardization/moher-api/healthstate/pom.xml b/standardization/moher-api/healthstate/pom.xml
index 19ae0a6..8525218 100644 (file)
--- a/standardization/moher-api/healthstate/pom.xml
+++ b/standardization/moher-api/healthstate/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>dcaegen2-sdk-moher-api</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck :: Health state</name>

diff --git a/standardization/moher-api/metrics/pom.xml b/standardization/moher-api/metrics/pom.xml
index 53d7547..c930860 100644 (file)
--- a/standardization/moher-api/metrics/pom.xml
+++ b/standardization/moher-api/metrics/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <artifactId>dcaegen2-sdk-moher-api</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck :: Metrics</name>

diff --git a/standardization/moher-api/pom.xml b/standardization/moher-api/pom.xml
index 22abb5b..fd360c4 100644 (file)
--- a/standardization/moher-api/pom.xml
+++ b/standardization/moher-api/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <artifactId>dcaegen2-services-sdk-standardization</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck</name>

diff --git a/standardization/moher-api/server-adapters/pom.xml b/standardization/moher-api/server-adapters/pom.xml
index d396a77..72ffa37 100644 (file)
--- a/standardization/moher-api/server-adapters/pom.xml
+++ b/standardization/moher-api/server-adapters/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>dcaegen2-sdk-moher-api</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck :: Server Adapters</name>

diff --git a/standardization/moher-api/server-adapters/reactor-netty/pom.xml b/standardization/moher-api/server-adapters/reactor-netty/pom.xml
index 72db4ab..f238b95 100644 (file)
--- a/standardization/moher-api/server-adapters/reactor-netty/pom.xml
+++ b/standardization/moher-api/server-adapters/reactor-netty/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>dcaegen2-sdk-moher-server-adapters</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck :: Server Adapters :: Reactor Netty</name>

diff --git a/standardization/moher-api/server-adapters/spring-webflux/pom.xml b/standardization/moher-api/server-adapters/spring-webflux/pom.xml
index b71aa43..4fea8db 100644 (file)
--- a/standardization/moher-api/server-adapters/spring-webflux/pom.xml
+++ b/standardization/moher-api/server-adapters/spring-webflux/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <artifactId>dcaegen2-sdk-moher-server-adapters</artifactId>
         <groupId>org.onap.dcaegen2.services.sdk</groupId>
-        <version>1.8.9-SNAPSHOT</version>
+        <version>${revision}</version>
     </parent>
 
     <name>Monitoring and Healthcheck :: Server Adapters :: Spring Webflux</name>
@@ -45,6 +45,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-webflux</artifactId>
+<!--            <version>5.3.20</version>-->
         </dependency>
         <dependency>
             <groupId>org.onap.dcaegen2.services.sdk</groupId>

diff --git a/standardization/pom.xml b/standardization/pom.xml
index 193c080..af0ec53 100644 (file)
--- a/standardization/pom.xml
+++ b/standardization/pom.xml
@@ -21,7 +21,7 @@ language governing permissions and limitations under the License.
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>sdk</artifactId>
-    <version>1.8.9-SNAPSHOT</version>
+    <version>${revision}</version>
     <relativePath>..</relativePath>
   </parent>
 
@@ -37,4 +37,8 @@ language governing permissions and limitations under the License.
     <module>moher-api</module>
   </modules>
 
+  <properties>
+    <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
+  </properties>
+
 </project>

diff --git a/version.properties b/version.properties
index 4ae65b7..51dd6a7 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=8
-patch=9
+patch=10
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT