Updated the jars

DivyaDosibhatla · DivyaDosibhatla · commit f1d2a09b85a2 · 2019-03-06T13:51:03.000Z
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.6</version>
+  <version>6.2.7</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -183,6 +183,14 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 
 ## Changes
 
+Version Cybersource-sdk-java 6.2.7 (MAR,2019)
+_______________________________
+
+1)Fixed security vulnerabilities found in the jar dependencies. 1)xmlsec 2)opensaml 3)bcprov
+2)Modified Utility Test class.
+3)Updated the client version to 6.2.7 in utility class
+_______________________________
+
 Version Cybersource-sdk-java 6.2.6 (MAY,2018)
 _______________________________
   1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
diff --git a/java/pom.xml b/java/pom.xml
@@ -188,7 +188,7 @@
         <dependency>
     		<groupId>org.apache.santuario</groupId>
     		<artifactId>xmlsec</artifactId>
-    		<version>1.4.3</version>
+    		<version>2.0.7</version>
 		</dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
@@ -204,12 +204,18 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.54</version>
+            <version>1.61</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
             <version>1.6.19</version>
+	<exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>opensaml</artifactId>
+                </exclusion>
+         </exclusions>
         </dependency>     
         <dependency>
             <groupId>org.apache.commons</groupId>
diff --git a/java/src/main/java/com/cybersource/ws/client/Utility.java b/java/src/main/java/com/cybersource/ws/client/Utility.java
@@ -48,7 +48,7 @@ private Utility() {
     /**
      * Version number of this release.
      */
-    public static final String VERSION = "6.2.6";
+    public static final String VERSION = "6.2.7";
 
     /**
      * If in the Request map, a key called "_has_escapes" is present and is set
diff --git a/java/src/test/java/com/cybersource/ws/client/UtilityTest.java b/java/src/test/java/com/cybersource/ws/client/UtilityTest.java
@@ -9,20 +9,20 @@
 import java.io.*;
 import java.net.URL;
 import java.util.*;
+import java.util.stream.Collectors;
 
 public class UtilityTest extends BaseTest {
     String propertiesFilename;
     Properties properties;
 
     @Before
     public void setUp() {
-        URL fileUrl = Thread.currentThread().getContextClassLoader().getResource("test_cybs.properties");
-        String filepath = "";
-        if(fileUrl != null) {
-            propertiesFilename = fileUrl.getFile();
+      InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("test_cybs.properties");
+        if(is != null) {
+            propertiesFilename = new BufferedReader(new InputStreamReader(is)).lines().collect(Collectors.joining("\n"));
             try {
                 properties = new Properties();
-                properties.load(new FileReader(propertiesFilename));
+                properties.load(is);
             } catch (IOException e) {
                 fail("Unable to load properties file");
             }
diff --git a/pom.xml b/pom.xml
@@ -22,7 +22,7 @@
 
     <groupId>com.cybersource</groupId>
     <artifactId>cybersource-sdk-master</artifactId>
-    <version>6.2.7</version>
+    <version>6.2.7-SNAPSHOT</version>
 
 
 </project>
diff --git a/samples/nvp/compileSample.bat b/samples/nvp/compileSample.bat
@@ -2,15 +2,15 @@
 
 set LOCAL_CP=
 rem ----------------------------------------------------------------------------
-rem Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------
 
-if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.6.jar
+if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 if not exist ../../lib (
 	if not exist target goto error
-	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.6.jar
+	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 )
 
 if not exist classes mkdir classes
diff --git a/samples/nvp/compileSample.sh b/samples/nvp/compileSample.sh
@@ -2,13 +2,13 @@
 
 LOCAL_CP=
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------
 
 if test -d ../../lib
-then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.6.jar
+then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 fi
 
 if test ! -d ../../lib
@@ -19,7 +19,7 @@ then
 		echo "Execute maven clean install , This will generate all required dependencies under target/dependencies!!"
 		exit 1
 	fi
-LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.6.jar
+LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 fi
 
 if test ! -d ./classes
diff --git a/samples/nvp/pom.xml b/samples/nvp/pom.xml
@@ -11,7 +11,7 @@
         <dependency>
             <groupId>com.cybersource</groupId>
             <artifactId>cybersource-sdk-java</artifactId>
-            <version>6.2.6</version>
+            <version>6.2.7-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
@@ -27,12 +27,18 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.54</version>
+            <version>1.61</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
             <version>1.6.19</version>
+	<exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>opensaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
diff --git a/samples/nvp/runSample.bat b/samples/nvp/runSample.bat
@@ -4,7 +4,7 @@ set LOCAL_CP=
 set LOCAL_CP=%LOCAL_CP%;classes
 
 rem ----------------------------------------------------------------------------
-rem Replace cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------
diff --git a/samples/nvp/runSample.sh b/samples/nvp/runSample.sh
@@ -4,7 +4,7 @@ LOCAL_CP=
 LOCAL_CP=$LOCAL_CP:./classes
 
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------
diff --git a/samples/xml/compileSample.bat b/samples/xml/compileSample.bat
@@ -2,15 +2,15 @@
 
 set LOCAL_CP=
 rem ----------------------------------------------------------------------------
-rem Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------
 
-if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.6.jar
+if exist ../../lib set LOCAL_CP=%LOCAL_CP%;../../lib/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 if not exist ../../lib (
 	if not exist target goto error
-	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.6.jar
+	set LOCAL_CP=%LOCAL_CP%;target/dependencies/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 )
 
 if not exist classes mkdir classes
diff --git a/samples/xml/compileSample.sh b/samples/xml/compileSample.sh
@@ -2,13 +2,13 @@
 
 LOCAL_CP=
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------
 
 if test -d ../../lib
-then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.6.jar
+then LOCAL_CP=$LOCAL_CP:../../lib/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 fi
 
 if test ! -d ../../lib
@@ -19,7 +19,7 @@ then
 		echo "Execute maven clean install , This will generate all required dependencies under target/dependencies!!"
 		exit 1
 	fi
-LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.6.jar
+LOCAL_CP=$LOCAL_CP:target/dependencies/cybersource-sdk-java-6.2.7-SNAPSHOT.jar
 fi
 
 if test ! -d ./classes
diff --git a/samples/xml/pom.xml b/samples/xml/pom.xml
@@ -11,7 +11,7 @@
         <dependency>
             <groupId>com.cybersource</groupId>
             <artifactId>cybersource-sdk-java</artifactId>
-            <version>6.2.6</version>
+            <version>6.2.7-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
@@ -27,12 +27,18 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.54</version>
+            <version>1.61</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
             <version>1.6.19</version>
+	  <exclusions>
+                <exclusion>
+                    <groupId>org.opensaml</groupId>
+                    <artifactId>opensaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
diff --git a/samples/xml/runSample.bat b/samples/xml/runSample.bat
@@ -4,7 +4,7 @@ set LOCAL_CP=
 set LOCAL_CP=%LOCAL_CP%;classes
 
 rem ----------------------------------------------------------------------------
-rem Replace cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+rem Replace cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 rem If using this scripts outside zip package then give maven clean install. 
 rem This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 rem ----------------------------------------------------------------------------
diff --git a/samples/xml/runSample.sh b/samples/xml/runSample.sh
@@ -4,7 +4,7 @@ LOCAL_CP=
 LOCAL_CP=$LOCAL_CP:./classes
 
 # -----------------------------------------------------------------------------
-# Replace this with cybersource-sdk-java-6.2.6.jar when using Java SDK 1.6 or later.
+# Replace this with cybersource-sdk-java-6.2.7.jar when using Java SDK 1.6 or later.
 # If using this scripts outside zip package then give maven clean install.
 # This will generate all required dependencies under target/dependencies.These dependencies are used in CLASSPATH.
 # -----------------------------------------------------------------------------
diff --git a/zip/pom.xml b/zip/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>cybersource-sdk-master</artifactId>
         <groupId>com.cybersource</groupId>
-        <version>6.2.7</version>
+        <version>6.2.7-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -43,7 +43,7 @@
         <dependency>
             <groupId>com.cybersource</groupId>
             <artifactId>cybersource-sdk-java</artifactId>
-            <version>6.2.6</version>
+            <version>6.2.7-SNAPSHOT</version>
         </dependency>
     </dependencies>
 
