summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@ericsson.com>2018-06-21 11:40:18 +0800
committerliamfallon <liam.fallon@ericsson.com>2018-06-21 11:40:27 +0800
commit29992b16ffdde0bde1f2f315624cb30ce0d0773b (patch)
tree2013338fee521e453e15798ddc4025b70e403828
parentbb89ed3ad0765d323b6b026fc5fdd3b4a57fcc31 (diff)
Reduce level of vulnerability on JRuby plugin
The JRuby plugin was using an old version of JRuby. The version of JRuby is updated to the latest version, which reduces the security vulnerability level. Some JRuby libraries that are not used in the APEX PDP and that themselves have security vulnerabilities are excluded. Issue-ID: POLICY-905 Change-Id: I1c9d40c505849d8cab2778a4993dec9148504599 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
-rw-r--r--plugins/plugins-executor/plugins-executor-jruby/pom.xml20
1 files changed, 17 insertions, 3 deletions
diff --git a/plugins/plugins-executor/plugins-executor-jruby/pom.xml b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
index c9284a20d..c9f72fc07 100644
--- a/plugins/plugins-executor/plugins-executor-jruby/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
@@ -37,8 +37,22 @@
<dependencies>
<dependency>
<groupId>org.jruby</groupId>
- <artifactId>jruby-complete</artifactId>
- <version>1.7.26</version>
+ <artifactId>jruby</artifactId>
+ <version>9.2.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.jruby.extras</groupId>
+ <artifactId>bytelist</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.jruby</groupId>
+ <artifactId>dirgra</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.jruby</groupId>
+ <artifactId>jruby-stdlib</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>