summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-04-13 14:41:44 -0400
committerPamela Dragosh <pdragosh@research.att.com>2018-04-13 14:41:58 -0400
commit7bb69f8ae932417a5538450f987834007f1e9b51 (patch)
tree948ccda1915680e3ecaaf2af54d3f559cd80139e
parentea42fa8577530c6109bb1d3cd43c64a0ee298a88 (diff)
Exclude commons-collections
Since we are not using LDAP PIP we can get rid of this jar that has security issues. Issue-ID: POLICY-722 Change-Id: I93feacc8733a834866476db75933d8b2cf08c212 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r--controlloop/common/controller-beijing/pom.xml9
1 files changed, 9 insertions, 0 deletions
diff --git a/controlloop/common/controller-beijing/pom.xml b/controlloop/common/controller-beijing/pom.xml
index 71165f7ae..b6021626b 100644
--- a/controlloop/common/controller-beijing/pom.xml
+++ b/controlloop/common/controller-beijing/pom.xml
@@ -158,6 +158,15 @@
<groupId>com.att.research.xacml</groupId>
<artifactId>xacml-pdp</artifactId>
<version>1.0.1</version>
+ <exclusions>
+ <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We
+ are not using that PIP and can safely exclude this jar to resolve CLM issue.
+ -->
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.policy.drools-pdp</groupId>