diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-01 17:11:20 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-01 17:11:27 -0500 |
commit | c11d90593b95f03f4b555af0c10ddf3bb2b262c1 (patch) | |
tree | f145c8e67408417751caff7c33d9f06253a9cf91 /controlloop/common | |
parent | cfe2c6e071f5e43ad01f470a3c87230dd1e1fe13 (diff) |
Remove CLM issues with commons-collections
We know that we are not configuring an LDAP PIP in our
use of the XACML open source. The LDAP implementation
uses Apache Velocity, which uses a very old version
of commons-collections that has security issues. So
we can exclude commons-collections from the build.
Issue-ID: POLICY-504
Change-Id: I6d90731e601f58c8edaca6fe02df30ee2a090c2f
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'controlloop/common')
-rw-r--r-- | controlloop/common/eventmanager/pom.xml | 9 | ||||
-rw-r--r-- | controlloop/common/guard/pom.xml | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/controlloop/common/eventmanager/pom.xml b/controlloop/common/eventmanager/pom.xml index d0ce65138..6264e7e41 100644 --- a/controlloop/common/eventmanager/pom.xml +++ b/controlloop/common/eventmanager/pom.xml @@ -48,6 +48,15 @@ <artifactId>xacml</artifactId> <version>1.0.1</version> <scope>provided</scope> + <exclusions> + <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We + are not using that PIP and can safely exclude this jar to resolve CLM issue. + --> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.onap.policy.drools-applications.controlloop.common.actors</groupId> diff --git a/controlloop/common/guard/pom.xml b/controlloop/common/guard/pom.xml index 36c7e1918..ae3dbde98 100644 --- a/controlloop/common/guard/pom.xml +++ b/controlloop/common/guard/pom.xml @@ -20,6 +20,15 @@ <groupId>com.att.research.xacml</groupId> <artifactId>xacml-pdp</artifactId> <version>1.0.1</version> + <exclusions> + <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We + are not using that PIP and can safely exclude this jar to resolve CLM issue. + --> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>junit</groupId> |