Exclude commons-collections

Since we are not using LDAP PIP we can get rid of this jar that has security issues. Issue-ID: POLICY-722 Change-Id: I93feacc8733a834866476db75933d8b2cf08c212 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
author: Pamela Dragosh <pdragosh@research.att.com> 2018-04-13 14:41:44 -0400
committer: Pamela Dragosh <pdragosh@research.att.com> 2018-04-13 14:41:58 -0400
commit: 7bb69f8ae932417a5538450f987834007f1e9b51 (patch)
tree: 948ccda1915680e3ecaaf2af54d3f559cd80139e /controlloop/common/controller-beijing
parent: ea42fa8577530c6109bb1d3cd43c64a0ee298a88 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/controlloop/common/controller-beijing/pom.xml b/controlloop/common/controller-beijing/pom.xml
index 71165f7ae..b6021626b 100644
--- a/controlloop/common/controller-beijing/pom.xml
+++ b/controlloop/common/controller-beijing/pom.xml
@@ -158,6 +158,15 @@
             <groupId>com.att.research.xacml</groupId>
             <artifactId>xacml-pdp</artifactId>
             <version>1.0.1</version>
+		      <exclusions>
+		        <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We
+		        are not using that PIP and can safely exclude this jar to resolve CLM issue.
+		         -->
+		        <exclusion>
+		          <groupId>commons-collections</groupId>
+		          <artifactId>commons-collections</artifactId>
+		        </exclusion>
+		      </exclusions>
         </dependency>
         <dependency>
             <groupId>org.onap.policy.drools-pdp</groupId>
author	Pamela Dragosh <pdragosh@research.att.com>	2018-04-13 14:41:44 -0400
committer	Pamela Dragosh <pdragosh@research.att.com>	2018-04-13 14:41:58 -0400
commit	7bb69f8ae932417a5538450f987834007f1e9b51 (patch)
tree	948ccda1915680e3ecaaf2af54d3f559cd80139e /controlloop/common/controller-beijing
parent	ea42fa8577530c6109bb1d3cd43c64a0ee298a88 (diff)