From 29992b16ffdde0bde1f2f315624cb30ce0d0773b Mon Sep 17 00:00:00 2001
From: liamfallon <liam.fallon@ericsson.com>
Date: Thu, 21 Jun 2018 11:40:18 +0800
Subject: Reduce level of vulnerability on JRuby plugin

The JRuby plugin was using an old version of JRuby.
The version of JRuby is updated to the latest version, which
reduces the security vulnerability level. Some JRuby libraries
that are not used in the APEX PDP and that themselves have security
vulnerabilities are excluded.

Issue-ID: POLICY-905
Change-Id: I1c9d40c505849d8cab2778a4993dec9148504599
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
---
 .../plugins-executor/plugins-executor-jruby/pom.xml  | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'plugins')

diff --git a/plugins/plugins-executor/plugins-executor-jruby/pom.xml b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
index c9284a20d..c9f72fc07 100644
--- a/plugins/plugins-executor/plugins-executor-jruby/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jruby/pom.xml
@@ -37,8 +37,22 @@
     <dependencies>
         <dependency>
             <groupId>org.jruby</groupId>
-            <artifactId>jruby-complete</artifactId>
-            <version>1.7.26</version>
+            <artifactId>jruby</artifactId>
+            <version>9.2.0.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.jruby.extras</groupId>
+                    <artifactId>bytelist</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jruby</groupId>
+                    <artifactId>dirgra</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jruby</groupId>
+                    <artifactId>jruby-stdlib</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
     </dependencies>
-</project>
\ No newline at end of file
+</project>
-- 
cgit 1.2.3-korg