security issue: commons-collections

Change-Id: I74a56640065ae6c6a470835ab1022ed0f266fc09 Issue-ID: APPC-665 Signed-off-by: Taka Cho <tc012c@att.com>
author: Taka Cho <tc012c@att.com> 2018-02-23 21:30:06 -0500
committer: Patrick Brady <pb071s@att.com> 2018-02-27 17:49:18 +0000
commit: ff286ea030490eef3d57df78eb5c92c1ea7b8ea6 (patch)
tree: 249a5315c2500d49a789f29e1a19815114c971dc /appc-sdc-listener
parent: 223970340047bee364489ab06cfbfb9e413694e7 (diff)
2 files changed, 25 insertions, 4 deletions
diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml b/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
index 2e61b7010..b59525201 100644
--- a/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
+++ b/appc-sdc-listener/appc-sdc-listener-bundle/pom.xml
@@ -150,9 +150,19 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
 			<groupId>org.apache.velocity</groupId>
 			<artifactId>velocity</artifactId>
 			<version>1.7</version>
-		</dependency>
-
-		<dependency>
+                        <exclusions>
+                             <exclusion>
+                                  <artifactId>commons-collections</artifactId>
+                                  <groupId>commons-collections</groupId>
+                             </exclusion>
+                        </exclusions>
+                 </dependency>
+                 <dependency>
+                     <groupId>commons-collections</groupId>
+                     <artifactId>commons-collections</artifactId>
+                     <version>3.2.2</version>
+                 </dependency>
+		 <dependency>
 			<groupId>org.opendaylight.yangtools</groupId>
 			<artifactId>yang-parser-impl</artifactId>
 			<version>${odl.yangtools.version}</version>
diff --git a/appc-sdc-listener/appc-yang-generator/pom.xml b/appc-sdc-listener/appc-yang-generator/pom.xml
index 413698ff9..0c45afb5d 100644
--- a/appc-sdc-listener/appc-yang-generator/pom.xml
+++ b/appc-sdc-listener/appc-yang-generator/pom.xml
@@ -48,6 +48,17 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
             <version>1.7</version>
+            <exclusions>
+                 <exclusion>
+                      <artifactId>commons-collections</artifactId>
+                      <groupId>commons-collections</groupId>
+                 </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.2</version>
         </dependency>
         <dependency>
             <groupId>org.opendaylight.yangtools</groupId>
@@ -94,4 +105,4 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
         </plugins>
     </build>
 
-</project>
-\ No newline at end of file
+</project>
author	Taka Cho <tc012c@att.com>	2018-02-23 21:30:06 -0500
committer	Patrick Brady <pb071s@att.com>	2018-02-27 17:49:18 +0000
commit	ff286ea030490eef3d57df78eb5c92c1ea7b8ea6 (patch)
tree	249a5315c2500d49a789f29e1a19815114c971dc /appc-sdc-listener
parent	223970340047bee364489ab06cfbfb9e413694e7 (diff)