From 78224cb1fbc6052451ad1a759353cc6549b2f230 Mon Sep 17 00:00:00 2001
From: sa282w <sa282w@att.com>
Date: Fri, 30 Mar 2018 14:09:40 -0400
Subject: [PATCH] Security Vunerabilities

Issue-ID: PORTAL-155

Excluded beanshell, nimbus dependency and upgraded the version of
spring-security-web and tomcat-embed-core.

Change-Id: I2f238d8cdeb61084b1a86099c25b5bd8f30d5e93
Signed-off-by: sa282w <sa282w@att.com>
---
 ecomp-portal-BE-common/pom.xml           |  4 ++++
 ecomp-portal-BE-os/pom.xml               |  6 +++++-
 ecomp-portal-widget-ms/widget-ms/pom.xml | 13 ++++++++++++-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 733a1017..5ae097d6 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -625,6 +625,10 @@
              		<groupId>commons-httpclient</groupId>
              		<artifactId>commons-httpclient</artifactId>
             	 </exclusion>
+				 <exclusion>
+        			<groupId>org.beanshell</groupId>
+            		<artifactId>bsh-core</artifactId>
+				 </exclusion>
               </exclusions>
         </dependency>
         <dependency>
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index ed42c061..2c96adaa 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -621,6 +621,10 @@
 					<groupId>org.codehaus.jackson</groupId>
 					<artifactId>jackson-mapper-asl</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>com.nimbusds</groupId>
+					<artifactId>nimbus-jose-jwt</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 <!-- 		<dependency>
@@ -663,7 +667,7 @@
 					<artifactId>*</artifactId>
 				</exclusion>
 			</exclusions>
-		</dependency>
+		</dependency> 
 	</dependencies>
 
 	<reporting>
diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml
index 5d8896c2..dabc5ac9 100644
--- a/ecomp-portal-widget-ms/widget-ms/pom.xml
+++ b/ecomp-portal-widget-ms/widget-ms/pom.xml
@@ -44,6 +44,12 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.springframework.security</groupId>
+    				<artifactId>spring-security-web</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -140,7 +146,7 @@
 		<dependency>
     		<groupId>org.apache.tomcat.embed</groupId>
     		<artifactId>tomcat-embed-core</artifactId>
-    		<version>8.5.13</version>
+    		<version>8.5.28</version>
 		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
@@ -167,6 +173,11 @@
 			<artifactId>jackson-databind</artifactId>
 			<version>2.8.10</version>
 		</dependency>
+		<dependency>
+    		<groupId>org.springframework.security</groupId>
+    		<artifactId>spring-security-web</artifactId>
+    		<version>4.1.4.RELEASE</version>
+		</dependency>
 	</dependencies>
 
 	<build>
-- 
2.16.6