upgrade spring.framework to latest 5.2.3 to avoid CVE-2020-5398/7

Issue-ID: VID-736
Signed-off-by: Amichai Hemli <amichai.hemli@intl.att.com>
Change-Id: Id9d81c032a7bcbb92dc1f358db0efb026667b178

diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index be810e5..0b9b609 100755 (executable)
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -27,7 +27,7 @@
         <epsdk.version>2.5.0</epsdk.version>
         <jackson.version>2.10.1</jackson.version>
         <jackson.databind.version>2.10.1</jackson.databind.version>
-        <springframework.version>5.2.0.RELEASE</springframework.version>
+        <springframework.version>5.2.3.RELEASE</springframework.version>
         <!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5:
          org.springframework.orm.hibernate4.HibernateTransactionManager
          so following orm.version lets epsdk-core find it -->

diff --git a/vid-app-common/pom.xml b/vid-app-common/pom.xml
index cc32c2a..1b786c2 100755 (executable)
--- a/vid-app-common/pom.xml
+++ b/vid-app-common/pom.xml
@@ -27,7 +27,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <epsdk.version>2.6.0</epsdk.version>
         <epsdk.overlay.version>2.5.0</epsdk.overlay.version>
-        <springframework.version>5.2.0.RELEASE</springframework.version>
+        <springframework.version>5.2.3.RELEASE</springframework.version>
         <springframework.orm.version>4.3.22.RELEASE</springframework.orm.version>
         <!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5:
          org.springframework.orm.hibernate4.HibernateTransactionManager