Address some vulnerabilities from IQ report

Upgraded the version of a couple of items reported in IQ.  The new
versions are likely to have the same issues, but at least it should be
good for a moment.

Verified that the change to json-smart did not cause the CDS Actor tests
to break.  (Though it should eventually be tested with a real CDS.)
Verified that the change to xstream did not cause any tests in
drools-pdp or drools-apps to break.

Issue-ID: POLICY-3431
Change-Id: I1419871577174fd986c9eebf2ce35134bd4bda93
Signed-off-by: Jim Hahn <jrh3@att.com>

diff --git a/integration/pom.xml b/integration/pom.xml
index dd234c8..d453f53 100644 (file)
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -210,7 +210,7 @@
             <dependency>
                 <groupId>com.thoughtworks.xstream</groupId>
                 <artifactId>xstream</artifactId>
-                <version>1.4.15</version>
+                <version>1.4.17</version>
             </dependency>
 
             <!-- Eclipse JPA API -->
@@ -308,6 +308,11 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>net.minidev</groupId>
+                <artifactId>json-smart</artifactId>
+                <version>2.4.7</version>
+            </dependency>
 
             <!-- AAF Client -->
             <dependency>