Security Vunerabilities

Issue-ID: PORTAL-155

Excluded beanshell, nimbus dependency and upgraded the version of
spring-security-web and tomcat-embed-core.

Change-Id: I2f238d8cdeb61084b1a86099c25b5bd8f30d5e93
Signed-off-by: sa282w <sa282w@att.com>

diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 733a101..5ae097d 100644 (file)
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -625,6 +625,10 @@
                        <groupId>commons-httpclient</groupId>
                        <artifactId>commons-httpclient</artifactId>
                 </exclusion>
+                                <exclusion>
+                               <groupId>org.beanshell</groupId>
+                       <artifactId>bsh-core</artifactId>
+                                </exclusion>
               </exclusions>
         </dependency>
         <dependency>

diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index ed42c06..2c96ada 100644 (file)
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -621,6 +621,10 @@
                                        <groupId>org.codehaus.jackson</groupId>
                                        <artifactId>jackson-mapper-asl</artifactId>
                                </exclusion>
+                               <exclusion>
+                                       <groupId>com.nimbusds</groupId>
+                                       <artifactId>nimbus-jose-jwt</artifactId>
+                               </exclusion>
                        </exclusions>
                </dependency>
 <!--           <dependency>
@@ -663,7 +667,7 @@
                                        <artifactId>*</artifactId>
                                </exclusion>
                        </exclusions>
-               </dependency>
+               </dependency> 
        </dependencies>
 
        <reporting>

diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml
index 5d8896c..dabc5ac 100644 (file)
--- a/ecomp-portal-widget-ms/widget-ms/pom.xml
+++ b/ecomp-portal-widget-ms/widget-ms/pom.xml
@@ -44,6 +44,12 @@
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-security</artifactId>
+                       <exclusions>
+                               <exclusion>
+                                       <groupId>org.springframework.security</groupId>
+                               <artifactId>spring-security-web</artifactId>
+                               </exclusion>
+                       </exclusions>
                </dependency>
                <dependency>
                        <groupId>org.springframework.boot</groupId>
@@ -140,7 +146,7 @@
                <dependency>
                <groupId>org.apache.tomcat.embed</groupId>
                <artifactId>tomcat-embed-core</artifactId>
-               <version>8.5.13</version>
+               <version>8.5.28</version>
                </dependency>
                <dependency>
                        <groupId>ch.qos.logback</groupId>
@@ -167,6 +173,11 @@
                        <artifactId>jackson-databind</artifactId>
                        <version>2.8.10</version>
                </dependency>
+               <dependency>
+               <groupId>org.springframework.security</groupId>
+               <artifactId>spring-security-web</artifactId>
+               <version>4.1.4.RELEASE</version>
+               </dependency>
        </dependencies>
 
        <build>