summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-02-22 11:58:47 -0500
committerPamela Dragosh <pdragosh@research.att.com>2018-02-22 12:21:35 -0500
commite0d71bb74647e5d87b14ede07c30d07c3fb0f5fe (patch)
tree36ab08f83d3f038b8740fbbd6f34bb9561f9a53d
parentdeb9803becab25faf9ed9d609622983b20cc22ea (diff)
Force dependency upgrade and exclusions
LCM security issues are identified with plexus-utils and xstream. There is no clear upgrade to the org.kie.* dependencies with a fix for both of these. We will determine via testing as to whether these exclusions will result in failure. Issue-ID: POLICY-506 Change-Id: I9cefb814bb11a9babc4e4a2e47071ab74a46c011 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat
-rw-r--r--policy-core/pom.xml33
-rw-r--r--pom.xml7
2 files changed, 33 insertions, 7 deletions
diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 4bfd23ad..8cecd362 100644
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -31,6 +31,23 @@
</parent>
<dependencies>
+ <!--
+ Issue: 1 of 2
+ These 2 dependencies are trying to upgrade security fixes
+ identified. If they are removed or manipulated then please
+ fix the 2nd change as noted below.
+ -->
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>3.0.24</version>
+ </dependency>
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
+ </dependency>
+
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-api</artifactId>
@@ -40,6 +57,22 @@
<groupId>org.kie</groupId>
<artifactId>kie-ci</artifactId>
<version>6.5.0.Final</version>
+ <!--
+ Issue: 2 of 2
+ Excluding these 2 dependencies in order to force upgrade security fixes
+ identified. As declared above. Any changes here should be reflected above
+ and vice versa.
+ -->
+ <exclusions>
+ <exclusion>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.drools</groupId>
diff --git a/pom.xml b/pom.xml
index a279481b..d6f32bd4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -324,13 +324,6 @@
</dependency>
</dependencies>
</plugin>
-
- <plugin>
- <groupId>org.jacoco</groupId>
- <artifactId>jacoco-maven-plugin</artifactId>
- </plugin>
-
-
</plugins>
<pluginManagement>
<plugins>