• resteasy-jaxrs-2.3.2.Final.jar
• changed so/libs/openstack-client-connectors/resteasy-connector/pom.xml
• version change from 2.3.2.Final to 3.5.0.Final  // 3.5.0.Final does not have security and license risk.
• Found 3.0.19.Final were used in so/libs, which has security alerts    // should we change all to 3.5.0.Final?

• Httpclient-4.3.5.jar
• Changed so/libs/openstack-client-connectors/http-connector/pom.xml
• Version change from 4.3.5 to 4.5.5

• Commons-httpclient-3.1.jar
• Changed so/libs/openstack-client-connectors/resteasy-connector/pom.xml
• Changed RESTEasyConnector.java:
• Import org.apache.commons.httpclient.HttpStatus  --> org.apache.http.HttpStatus

• Replaced commons-httpclient with httpclient-4.5.5 and httpcore-4.4.4
• Note: ./org.apache.http.annotation.Immutable has been removed from httpcore-4.4.9 for some thread-safe issues. So, I put httpcore-4.4.4 for now to make SO compliable.

• Jackson-mapper-asl-1.9.13.jar
• There is no non-vulnerable version. We need to build our own TypeResolverBuilder…

                     From the SO/libs code, I could not find use of default typing (e.g.,        setDefaultTyping, or default enums). So, it should be ok.