From 42ad14c683ba2829edf460ba43849e4acd57ffe2 Mon Sep 17 00:00:00 2001
From: Sri Balaji Marripud <sri.balaji.marripud@att.com>
Date: Mon, 7 Sep 2020 17:33:30 -0400
Subject: [PATCH] updated few jars for security fix

Issue-ID: PORTAL-945
Change-Id: Ib0f2cd7f9a767411e810f133c54bd9ff8fca1964
Signed-off-by: Sri Balaji Marripud <sri.balaji.marripud@att.com>
---
 ecomp-portal-BE-common/pom.xml           | 318 +++++++++++++++----------------
 ecomp-portal-BE-os/pom.xml               |  11 +-
 ecomp-portal-widget-ms/widget-ms/pom.xml |   9 +-
 3 files changed, 169 insertions(+), 169 deletions(-)

diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 9275aa4e..18f1a7c8 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
@@ -50,19 +51,19 @@
 					</execution>
 				</executions>
 			</plugin>
-			
+
 			<plugin>
-		        <groupId>org.apache.maven.plugins</groupId>
-		        <artifactId>maven-jar-plugin</artifactId>
-		        <version>3.0.0</version>
-		        <executions>
-		          <execution>
-		            <goals>
-		              <goal>test-jar</goal>
-		            </goals>
-		          </execution>
-		        </executions>
-      		</plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<version>3.0.0</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
@@ -87,7 +88,7 @@
 			</plugin>
 
 		</plugins>
-	
+
 		<testResources>
 			<testResource>
 				<directory>src/test/java</directory>
@@ -118,22 +119,22 @@
 	</build>
 
 	<dependencies>
-	<dependency>
-		<groupId>org.onap.aaf.authz</groupId>
-		<artifactId>aaf-cadi-aaf</artifactId>
-		<version>2.1.7</version>
-		<exclusions>
-			<exclusion>
-				<groupId>gso</groupId>
-				<artifactId>GLCookieDecryption</artifactId>
-			</exclusion>
-		</exclusions>
-	</dependency>
-	<dependency>
-		<groupId>org.onap.aaf.authz</groupId>
-		<artifactId>aaf-cadi-core</artifactId>
-		<version>2.1.7</version>
-	</dependency>
+		<dependency>
+			<groupId>org.onap.aaf.authz</groupId>
+			<artifactId>aaf-cadi-aaf</artifactId>
+			<version>2.1.7</version>
+			<exclusions>
+				<exclusion>
+					<groupId>gso</groupId>
+					<artifactId>GLCookieDecryption</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.onap.aaf.authz</groupId>
+			<artifactId>aaf-cadi-core</artifactId>
+			<version>2.1.7</version>
+		</dependency>
 		<dependency>
 			<groupId>com.att.eelf</groupId>
 			<artifactId>eelf-core</artifactId>
@@ -185,7 +186,7 @@
 			<artifactId>jaxb-api</artifactId>
 			<version>2.4.0-b180830.0359</version>
 		</dependency>
-		
+
 		<!-- Hibernate -->
 		<dependency>
 			<groupId>org.hibernate</groupId>
@@ -247,19 +248,19 @@
 			<version>2.3.1</version>
 		</dependency>
 		<dependency>
-    		<groupId>org.apache.taglibs</groupId>
-    		<artifactId>taglibs-standard-spec</artifactId>
-    		<version>1.2.5</version>
+			<groupId>org.apache.taglibs</groupId>
+			<artifactId>taglibs-standard-spec</artifactId>
+			<version>1.2.5</version>
 		</dependency>
 		<dependency>
-    		<groupId>org.apache.taglibs</groupId>
-    		<artifactId>taglibs-standard-impl</artifactId>
-    		<version>1.2.5</version>
+			<groupId>org.apache.taglibs</groupId>
+			<artifactId>taglibs-standard-impl</artifactId>
+			<version>1.2.5</version>
 		</dependency>
 		<dependency>
-    		<groupId>org.apache.taglibs</groupId>
-   			<artifactId>taglibs-standard-jstlel</artifactId>
-    		<version>1.2.5</version>
+			<groupId>org.apache.taglibs</groupId>
+			<artifactId>taglibs-standard-jstlel</artifactId>
+			<version>1.2.5</version>
 		</dependency>
 		<!-- Apache Tiles -->
 		<dependency>
@@ -294,15 +295,15 @@
 			<version>${jackson.version}</version>
 		</dependency>
 		<dependency>
-			<groupId>postgresql</groupId>
+			<groupId>org.postgresql</groupId>
 			<artifactId>postgresql</artifactId>
-			<version>9.1-901-1.jdbc4</version>
+			<version>42.2.11</version>
 		</dependency>
 		<!-- Elastic Search -->
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>7.4.1</version>
+			<version>7.6.1</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
@@ -332,6 +333,7 @@
 			<version>9.0.27</version>
 			<scope>provided</scope>
 		</dependency>
+		
 		<dependency>
 			<groupId>concurrent</groupId>
 			<artifactId>concurrent</artifactId>
@@ -367,7 +369,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-ooxml</artifactId>
-			<version>3.17</version>
+			<version>4.1.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -382,7 +384,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-scratchpad</artifactId>
-			<version>4.1.1</version>
+			<version>4.1.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -430,7 +432,7 @@
 		<dependency>
 			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
-			<version>1.14</version>
+			<version>1.15</version>
 		</dependency>
 		<dependency>
 			<groupId>com.att.nsa</groupId>
@@ -456,7 +458,7 @@
 				<exclusion>
 					<groupId>org.apache.httpcomponents</groupId>
 					<artifactId>httpclient</artifactId>
-				</exclusion>	
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
@@ -497,12 +499,12 @@
 			<groupId>org.onap.portal.sdk</groupId>
 			<artifactId>epsdk-app-common</artifactId>
 			<version>${epsdk.version}</version>
-			 <exclusions>
+			<exclusions>
 				<exclusion>
-             		<groupId>commons-beanutils</groupId>
-             		<artifactId>commons-beanutils-core</artifactId>
-            	 </exclusion>
-              </exclusions>
+					<groupId>commons-beanutils</groupId>
+					<artifactId>commons-beanutils-core</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.onap.portal.sdk</groupId>
@@ -555,31 +557,15 @@
 			<artifactId>commons-beanutils</artifactId>
 			<version>1.9.4</version>
 		</dependency>
-		<!-- <dependency>
-			<groupId>com.ecwid.consul</groupId>
-			<artifactId>consul-api</artifactId>
-			<version>1.3.0</version>
-		</dependency>
-		<dependency>
-			<groupId>com.orbitz.consul</groupId>
-			<artifactId>consul-client</artifactId>
-			<version>1.3.9</version>
-		</dependency> -->
+		<!-- <dependency> <groupId>com.ecwid.consul</groupId> <artifactId>consul-api</artifactId> 
+			<version>1.3.0</version> </dependency> <dependency> <groupId>com.orbitz.consul</groupId> 
+			<artifactId>consul-client</artifactId> <version>1.3.9</version> </dependency> -->
 		<dependency>
 			<groupId>commons-fileupload</groupId>
 			<artifactId>commons-fileupload</artifactId>
 			<version>1.4</version>
 		</dependency>
-		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger2</artifactId>
-			<version>3.0.0</version>
-		</dependency>
-		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger-ui</artifactId>
-			<version>3.0.0</version>
-		</dependency>
+		
 		<!-- Schedulers required Libraries -->
 		<dependency>
 			<groupId>com.googlecode.json-simple</groupId>
@@ -627,43 +613,53 @@
 			<classifier>runtime</classifier>
 		</dependency>
 		<dependency>
-             <groupId>org.owasp.esapi</groupId>
-             <artifactId>esapi</artifactId>
-             <version>2.2.0.0</version>
-             <exclusions>
-				<exclusion>
-             		<groupId>commons-beanutils</groupId>
-             		<artifactId>commons-beanutils-core</artifactId>
-            	 </exclusion>
-            	 <exclusion>
-             		<groupId>commons-httpclient</groupId>
-             		<artifactId>commons-httpclient</artifactId>
-            	 </exclusion>
-				 <exclusion>
-        			<groupId>org.beanshell</groupId>
-            		<artifactId>bsh-core</artifactId>
-				 </exclusion>
-              </exclusions>
-        </dependency>
-        <dependency>
-		    <groupId>org.springframework.security</groupId>
-		    <artifactId>spring-security-core</artifactId>
-		    <version>${springframework.security.version}</version>
-	    </dependency>
-	    <dependency>
-	        <groupId>org.springframework.security</groupId>
-	        <artifactId>spring-security-web</artifactId>
-	        <version>${springframework.security.version}</version>
-        </dependency>
-	    <dependency>
-		    <groupId>org.springframework.security</groupId>
-		    <artifactId>spring-security-config</artifactId>
-		    <version>${springframework.security.version}</version>
-	    </dependency>
-		<dependency>
-    		<groupId>com.thoughtworks.xstream</groupId>
-    		<artifactId>xstream</artifactId>
-    		<version>1.4.11.1</version>
+			<groupId>org.owasp.esapi</groupId>
+			<artifactId>esapi</artifactId>
+			<version>2.2.0.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-beanutils</groupId>
+					<artifactId>commons-beanutils-core</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>commons-httpclient</groupId>
+					<artifactId>commons-httpclient</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.beanshell</groupId>
+					<artifactId>bsh-core</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-core</artifactId>
+			<version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>${springframework.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>io.springfox</groupId>
+			<artifactId>springfox-swagger2</artifactId>
+			<version>3.0.0</version>
+		</dependency>
+		<dependency>
+			<groupId>io.springfox</groupId>
+			<artifactId>springfox-swagger-ui</artifactId>
+			<version>3.0.0</version>
+		</dependency>
+		<dependency>
+			<groupId>com.thoughtworks.xstream</groupId>
+			<artifactId>xstream</artifactId>
+			<version>1.4.11.1</version>
 		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
@@ -676,61 +672,63 @@
 			<version>1.2.3</version>
 		</dependency>
 		<dependency>
-    		<groupId>commons-collections</groupId>
-    		<artifactId>commons-collections</artifactId>
-    		<version>3.2.2</version>
-		</dependency>
-		<dependency>
-    		<groupId>xalan</groupId>
-    		<artifactId>xalan</artifactId>
-    		<version>2.7.2</version>
-		</dependency>
-	    		<!-- Music -->
-	    <dependency>
-		    <groupId>org.onap.music</groupId>
-		    <artifactId>MUSIC</artifactId>
-		    <version>2.5.10</version>
-		    <exclusions> 
-				<exclusion> 
-					  <groupId>com.sun.jersey</groupId> 
-          			  <artifactId>jersey-client</artifactId> 
-				</exclusion> 
-				<exclusion> 
-					 <groupId>com.sun.jersey</groupId> 
-          			 <artifactId>jersey-server</artifactId> 
-				</exclusion> 
-				<exclusion> 
-					 <groupId>com.sun.jersey</groupId> 
-           			 <artifactId>jersey-json</artifactId> 
-				</exclusion><exclusion> 
-					<groupId>com.sun.jersey</groupId> 
-          			<artifactId>jersey-servlet</artifactId> 
-				</exclusion> 
-			</exclusions> 
-	    </dependency>
-	    
+			<groupId>commons-collections</groupId>
+			<artifactId>commons-collections</artifactId>
+			<version>3.2.2</version>
+		</dependency>
+		<dependency>
+			<groupId>xalan</groupId>
+			<artifactId>xalan</artifactId>
+			<version>2.7.2</version>
+		</dependency>
+		<!-- Music -->
+		<dependency>
+			<groupId>org.onap.music</groupId>
+			<artifactId>MUSIC</artifactId>
+			<version>2.5.10</version>
+			<exclusions>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-client</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-server</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-json</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-servlet</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
 		<dependency>
 			<groupId>org.onap.portal.sdk</groupId>
 			<artifactId>epsdk-music</artifactId>
 			<version>${epsdk.version}</version>
-				
-		<exclusions> 
-				<exclusion> 
-					  <groupId>com.sun.jersey</groupId> 
-          			  <artifactId>jersey-client</artifactId> 
-				</exclusion> 
-				<exclusion> 
-					 <groupId>com.sun.jersey</groupId> 
-          			 <artifactId>jersey-server</artifactId> 
-				</exclusion> 
-				<exclusion> 
-					 <groupId>com.sun.jersey</groupId> 
-           			 <artifactId>jersey-json</artifactId> 
-				</exclusion><exclusion> 
-					<groupId>com.sun.jersey</groupId> 
-          			<artifactId>jersey-servlet</artifactId> 
-				</exclusion> 
-			</exclusions> 
+
+			<exclusions>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-client</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-server</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-json</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.sun.jersey</groupId>
+					<artifactId>jersey-servlet</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.projectlombok</groupId>
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index a726d6d8..5372e0ae 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -214,7 +214,7 @@
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
 			<version>2.11.0</version>
-		</dependency>
+			</dependency>
 		<!-- Spring -->
 		<dependency>
 			<groupId>org.springframework</groupId>
@@ -266,8 +266,9 @@
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-validator</artifactId>
-			<version>5.1.3.Final</version>
+			<version>5.4.3.Final</version>
 		</dependency>
+		
 		<!-- Servlet+JSP+JSTL -->
 		<dependency>
 			<groupId>javax.servlet</groupId>
@@ -322,7 +323,7 @@
 		<dependency>
 			<groupId>org.elasticsearch</groupId>
 			<artifactId>elasticsearch</artifactId>
-			<version>2.2.0</version>
+			<version>7.6.1</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.lucene</groupId>
@@ -382,7 +383,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-ooxml</artifactId>
-			<version>3.15</version>
+			<version>4.1.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -397,7 +398,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-scratchpad</artifactId>
-			<version>3.5-FINAL</version>
+			<version>4.1.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml
index 2cdf13f3..a601dbef 100644
--- a/ecomp-portal-widget-ms/widget-ms/pom.xml
+++ b/ecomp-portal-widget-ms/widget-ms/pom.xml
@@ -4,6 +4,7 @@
 		<modelVersion>4.0.0</modelVersion>
 
 	<!-- This project must name Spring as parent; cannot name Portal -->
+	
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
@@ -151,7 +152,7 @@
 		<dependency>
     		<groupId>org.apache.tomcat.embed</groupId>
     		<artifactId>tomcat-embed-core</artifactId>
-    		<version>9.0.33</version>
+    		<version>9.0.36</version>
 		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
@@ -166,17 +167,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.9.8</version>
+			<version>2.11.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.9.8</version>
+			<version>2.11.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.9.8</version>
+			<version>2.11.0</version>
 		</dependency>
 		<dependency>
     		<groupId>org.springframework.security</groupId>
-- 
2.16.6