From 28da5021fad45b2c4da1bd1b7db794863e5ef7f3 Mon Sep 17 00:00:00 2001
From: Patrick Brady <pb071s@att.com>
Date: Mon, 17 Sep 2018 12:52:55 -0700
Subject: Remove logback 1.1.3 security issue

cdp-pal and eelf are the dependencies using logback-classic
1.1.3. Need to use exclusions option in pom file

Change-Id: Id8f5817ec955e2b7b486bc0215c35541086606aa
Signed-off-by: Patrick Brady <pb071s@att.com>
Issue-ID: APPC-1018
---
 appc-config/appc-flow-controller/provider/pom.xml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'appc-config/appc-flow-controller')

diff --git a/appc-config/appc-flow-controller/provider/pom.xml b/appc-config/appc-flow-controller/provider/pom.xml
index f3cd09b89..065b3be22 100644
--- a/appc-config/appc-flow-controller/provider/pom.xml
+++ b/appc-config/appc-flow-controller/provider/pom.xml
@@ -68,9 +68,20 @@
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-yaml</artifactId>
         </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+	    <version>${logback.version}</version>
+        </dependency>
         <dependency>
             <groupId>com.att.eelf</groupId>
             <artifactId>eelf-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.onap.ccsdk.sli.adaptors</groupId>
@@ -141,7 +152,8 @@
                         <Bundle-SymbolicName>org.onap.appc.flow.controller</Bundle-SymbolicName>
                         <Bundle-Activator>org.onap.appc.flow.controller.FlowControllerActivator</Bundle-Activator>
                         <Export-Package>org.onap.appc.flow.controller</Export-Package>
-                        <Import-Package>*</Import-Package>
+                        <Import-Package>groovy.lang;resolution:=optional,
+                            org.codehaus.groovy.*;resolution:=optional,*</Import-Package>
                         <Embed-Dependency>eelf-core,logback-core,logback-classic</Embed-Dependency>
                         <DynamicImport-Package>*</DynamicImport-Package>
                     </instructions>
-- 
cgit 1.2.3-korg