Merge branch 'develop' of https://github.com/authzforce/core.git into develop

308d8f57 · cdanger · d0681430 · 81d7d0c6 · 308d8f57 · 308d8f57
Commit 308d8f57 authored Aug 04, 2018 by cdanger
--- a/README.md
+++ b/README.md
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/dee3e6f5cdd240fc80dfdcc1ee419ac8)](https://www.codacy.com/app/coder103/authzforce-ce-core?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=authzforce/core&amp;utm_campaign=Badge_Grade)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/389/badge)](https://bestpractices.coreinfrastructure.org/projects/389)
+[![Build Status](https://travis-ci.org/authzforce/core.svg?branch=develop)](https://travis-ci.org/authzforce/core)

 Javadocs: PDP engine [![Javadocs](http://javadoc.io/badge/org.ow2.authzforce/authzforce-ce-core-pdp-engine.svg)](http://javadoc.io/doc/org.ow2.authzforce/authzforce-ce-core-pdp-engine), XACML/JSON extension [![Javadocs](http://javadoc.io/badge/org.ow2.authzforce/authzforce-ce-core-pdp-io-xacml-json.svg)](http://javadoc.io/doc/org.ow2.authzforce/authzforce-ce-core-pdp-io-xacml-json), Test utilities [![Javadocs](http://javadoc.io/badge/org.ow2.authzforce/authzforce-ce-core-pdp-testutils.svg)](http://javadoc.io/doc/org.ow2.authzforce/authzforce-ce-core-pdp-testutils)


--- a/owasp-dependency-check-suppression.xml
+++ b/owasp-dependency-check-suppression.xml
@@ -10,4 +10,13 @@
      <cve>CVE-2007-6059</cve>
      <cve>CVE-2015-9097</cve>
   </suppress>
-</suppressions>
\ No newline at end of file
+   
+   <suppress>
+      <notes><![CDATA[
+      file name: spring-core-4.3.17.RELEASE.jar,
+      false positive for CVE-2018-1258
+      ]]></notes>
+     <gav>org.springframework:spring-core:4.3.17.RELEASE</gav> 
+     <cve>CVE-2018-1258</cve>
+   </suppress>
+</suppressions>
--- a/pdp-testutils/owasp-dependency-check-suppression.xml
+++ b/pdp-testutils/owasp-dependency-check-suppression.xml
@@ -10,4 +10,13 @@
      <cve>CVE-2007-6059</cve>
      <cve>CVE-2015-9097</cve>
   </suppress>
-</suppressions>
\ No newline at end of file
+
+ <suppress>
+	       <notes><![CDATA[
+		             file name: spring-core-4.3.17.RELEASE.jar,
+			           false positive for CVE-2018-1258
+				         ]]></notes>
+				      <gav>org.springframework:spring-core:4.3.17.RELEASE</gav>
+				           <cve>CVE-2018-1258</cve>
+					      </suppress>
+</suppressions>
--- a/pom.xml
+++ b/pom.xml
@@ -36,6 +36,13 @@
            <version>15.2.0</version>
         </dependency>
         <!-- /AuthzForce dependencies -->
+	 <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+	    <!-- Mitigation for CVE-2018-1257, CVE-2018-1258, CVE-2018-1275, CVE-2018-1271, CVE-2018-1270, CVE-2018-1272.
+		                         TODO: fix it in authzforce-ce-parent's managed version -->
+	    <version>4.3.17.RELEASE</version>
+         </dependency>
         <!-- Test dependencies -->
         <dependency>
            <groupId>junit</groupId>