Remove security issue xstream and plexus-utils

Some of these were ommitted from compile while others
were not completely ommitted.

Upgraded maven-compiler since it upgraded plexus-utils

Upgraded latest version of jackson-databind 2.9.5

Issue-ID: POLICY-507
Change-Id: If92ff4355329c48fbe76e0245d6c8344ebb8084d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>

diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml
index 18ed8f7..2f4612a 100644 (file)
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -48,7 +48,7 @@
                <dependency>
                        <groupId>org.apache.maven</groupId>
                        <artifactId>maven-model</artifactId>
-                       <version>3.3.9</version>
+                       <version>3.5.3</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.maven.shared</groupId>

diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index 9f383bf..b6e7979 100644 (file)
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -260,6 +260,10 @@
                                        <groupId>commons-collections</groupId>
                                        <artifactId>commons-collections</artifactId>
                                </exclusion>
+                               <exclusion>
+                                       <groupId>com.thoughtworks.xstream</groupId>
+                                       <artifactId>xstream</artifactId>
+                               </exclusion>
                        </exclusions>
                </dependency>
                <dependency>

diff --git a/POLICY-SDK-APP/pom.xml b/POLICY-SDK-APP/pom.xml
index 91e14d9..08bc3c2 100644 (file)
--- a/POLICY-SDK-APP/pom.xml
+++ b/POLICY-SDK-APP/pom.xml
@@ -90,6 +90,10 @@
                                        <groupId>mysql</groupId>
                                <artifactId>mysql-connector-java</artifactId>
                                </exclusion>
+                               <exclusion>
+                                       <groupId>com.thoughtworks.xstream</groupId>
+                                       <artifactId>xstream</artifactId>
+                               </exclusion>
                        </exclusions>
                </dependency>
        <!-- Spring -->

diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 73b6e04..85b506a 100644 (file)
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -70,7 +70,7 @@
                <dependency>
                        <groupId>org.apache.maven</groupId>
                        <artifactId>maven-model</artifactId>
-                       <version>3.3.9</version>
+                       <version>3.5.3</version>
                </dependency>
                <!--
                CLM security fix - force use of xstream

diff --git a/pom.xml b/pom.xml
index af038fb..61e5d32 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -61,7 +61,7 @@
                <jetty.plugin.version>9.2.3.v20140905</jetty.plugin.version>
                <dmaap.version>1.1.3</dmaap.version>
                <httpclient.version>4.5.5</httpclient.version>
-               <jackson.version>2.9.4</jackson.version>
+               <jackson.version>2.9.5</jackson.version>
                <commons.fileupload.version>1.3.3</commons.fileupload.version>
        </properties>
        <modules>