From a973d0498459f66c015a66a58f655732756b4fab Mon Sep 17 00:00:00 2001
From: eazran <eyal.azran@ymail.com>
Date: Sun, 27 Jan 2019 16:39:36 +0200
Subject: [PATCH 1/3] Update README.md

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 8489b07c..30b39646 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,15 @@
 [![Build Status](https://travis-ci.org/jenkinsci/java-client-api.svg?branch=master)](https://travis-ci.org/jenkinsci/java-client-api)
 [![Javadocs](https://javadoc.io/badge/com.offbytwo.jenkins/jenkins-client.svg?color=blue)](https://javadoc.io/doc/com.offbytwo.jenkins/jenkins-client)
 
+## Fork
+
+The original library (version 0.3.8) uses the dependencies:
+commons-beanutils-1.8.0.jar - reported Vulnerabilities: CVE-2014-0114
+commons-collections-3.2.1.jar - reported Vulnerabilities: CVE-2015-6420, CVE-2015-4852, CVE-2015-7501
+jackson-databind-2.3.4.jar - reported Vulnerabilities: CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2017-17485, CVE-2017-7525
+
+I am forking this library to update dependencies to resolve security issues
+
 ## Important Note
 
 The Jenkins API Client For Java has now moved under the umbrella of the Jenkins GitHub Organization.

From ef33ea8fc1ac5b204ea484af4a39375b7fc3c7d4 Mon Sep 17 00:00:00 2001
From: eazran <eyal.azran@ymail.com>
Date: Sun, 27 Jan 2019 16:41:36 +0200
Subject: [PATCH 2/3] Update README.md

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 30b39646..428e232d 100644
--- a/README.md
+++ b/README.md
@@ -8,9 +8,9 @@
 ## Fork
 
 The original library (version 0.3.8) uses the dependencies:
-commons-beanutils-1.8.0.jar - reported Vulnerabilities: CVE-2014-0114
-commons-collections-3.2.1.jar - reported Vulnerabilities: CVE-2015-6420, CVE-2015-4852, CVE-2015-7501
-jackson-databind-2.3.4.jar - reported Vulnerabilities: CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2017-17485, CVE-2017-7525
+* commons-beanutils-1.8.0.jar - reported Vulnerabilities: CVE-2014-0114
+* commons-collections-3.2.1.jar - reported Vulnerabilities: CVE-2015-6420, CVE-2015-4852, CVE-2015-7501
+* jackson-databind-2.3.4.jar - reported Vulnerabilities: CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2017-17485, CVE-2017-7525
 
 I am forking this library to update dependencies to resolve security issues
 

From 8fd4c680c8fa3d0fea26a978ac56f402b6fcd296 Mon Sep 17 00:00:00 2001
From: Eyal Azran <G_EYAZRA@icc.co.il>
Date: Thu, 14 Feb 2019 19:00:14 +0200
Subject: [PATCH 3/3] remove dependencies which have security volnurabilities

---
 jenkins-client/pom.xml | 47 ++++++++++++++++++++++++++++++++++++++++--
 pom.xml                | 31 ++++++++++++++++++++++++----
 2 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/jenkins-client/pom.xml b/jenkins-client/pom.xml
index 75eb3fc9..77869e36 100644
--- a/jenkins-client/pom.xml
+++ b/jenkins-client/pom.xml
@@ -11,7 +11,7 @@
   <parent>
     <groupId>com.offbytwo.jenkins</groupId>
     <artifactId>jenkins-client-parent</artifactId>
-    <version>0.3.9-SNAPSHOT</version>
+    <version>0.3.9999-SNAPSHOT</version>
   </parent>
 
   <artifactId>jenkins-client</artifactId>
@@ -48,7 +48,27 @@
       <groupId>net.sf.json-lib</groupId>
       <artifactId>json-lib</artifactId>
       <classifier>jdk15</classifier>
-    </dependency>
+	  <exclusions>
+        <exclusion>  
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils</artifactId>
+		  <!-- commons-beanutils-1.8.0.jar - reported Vulnerabilities: CVE-2014-0114 -->
+        </exclusion>
+		<exclusion>  
+          <groupId>commons-collections</groupId>
+          <artifactId>commons-collections</artifactId>
+		  <!-- commons-collections-3.2.1.jar - reported Vulnerabilities: CVE-2015-6420, CVE-2015-4852, CVE-2015-7501 -->
+        </exclusion>		
+      </exclusions> 
+    </dependency>
+	<dependency>
+		<groupId>commons-beanutils</groupId>
+		<artifactId>commons-beanutils</artifactId>		
+	</dependency>
+	<dependency>
+		<groupId>commons-collections</groupId>
+        <artifactId>commons-collections</artifactId>		
+	</dependency>
 
     <!-- Musties -->
     <dependency>
@@ -173,6 +193,29 @@
             </configuration>
           </execution>
         </executions>
+      </plugin>
+	  <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <version>3.1.1</version>
+        <executions>
+          <execution>
+            <id>copy-dependencies</id>
+            <phase>initialize</phase>
+            <goals>
+              <goal>copy-dependencies</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>dependencies-repository</outputDirectory>
+              <overWriteReleases>true</overWriteReleases>
+              <overWriteSnapshots>ture</overWriteSnapshots>
+              <overWriteIfNewer>true</overWriteIfNewer>
+              <copyPom>true</copyPom>
+              <useRepositoryLayout>true</useRepositoryLayout>
+			  <includeScope>runtime</includeScope>
+            </configuration>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>
diff --git a/pom.xml b/pom.xml
index cea2c716..c0bcdac9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 
   <groupId>com.offbytwo.jenkins</groupId>
   <artifactId>jenkins-client-parent</artifactId>
-  <version>0.3.9-SNAPSHOT</version>
+  <version>0.3.9999-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <scm>
@@ -60,10 +60,12 @@
     <commons-lang.version>3.8.1</commons-lang.version>
     <guava.version>17.0</guava.version>
     <json-lib.version>2.4</json-lib.version>
+	<commons-beanutils.version>1.9.3</commons-beanutils.version>
+	<commons-collections.version>3.2.2</commons-collections.version>
     <httpclient.version>4.3.6</httpclient.version>
     <httpcore.version>4.3.3</httpcore.version>
     <httpmime.version>4.3.6</httpmime.version>
-    <jackson-databind.version>2.9.6</jackson-databind.version>
+    <jackson-databind.version>2.9.8</jackson-databind.version>
   </properties>
 
   <licenses>
@@ -123,7 +125,29 @@
         <artifactId>json-lib</artifactId>
         <version>${json-lib.version}</version>
         <classifier>jdk15</classifier>
+			  <exclusions>
+				<exclusion>  
+				  <groupId>commons-beanutils</groupId>
+				  <artifactId>commons-beanutils</artifactId>
+				  <!-- commons-beanutils-1.8.0.jar - reported Vulnerabilities: CVE-2014-0114 -->
+				</exclusion>
+				<exclusion>  
+				  <groupId>commons-collections</groupId>
+				  <artifactId>commons-collections</artifactId>
+				  <!-- commons-collections-3.2.1.jar - reported Vulnerabilities: CVE-2015-6420, CVE-2015-4852, CVE-2015-7501 -->
+				</exclusion>		
+			  </exclusions> 
       </dependency>
+	  	<dependency>
+		<groupId>commons-beanutils</groupId>
+		<artifactId>commons-beanutils</artifactId>
+		<version>${commons-beanutils.version}</version>
+	</dependency>
+	<dependency>
+		<groupId>commons-collections</groupId>
+        <artifactId>commons-collections</artifactId>
+		<version>${commons-collections.version}</version>
+	</dependency>
 
       <!-- Musties -->
       <dependency>
@@ -498,8 +522,7 @@
   </repositories>
 
   <modules>
-    <module>jenkins-client</module>
-    <module>jenkins-client-it-docker</module>
+    <module>jenkins-client</module>    
   </modules>
 
 </project>