authorPamela Dragosh <pdragosh@research.att.com>2018-09-04 11:18:15 -0400
committerPamela Dragosh <pdragosh@research.att.com>2018-09-04 11:39:57 -0400
commit2a6876b1efd5df87761f44bffd455774da9d1d94 (patch)
tree672c639b15c2452c374c488e5f341f7a0ed73b90
parentf5b724a2ae55e9c734bc20d91c73a09bbdbc7ad8 (diff)
Fix security issues
Guava was not fully defined correctly. In order to exclude an older version being pulled in, the dependencyManagement needs to come from oparent and not be overridden in drools-pdp. Issue-ID: INT-619 Change-Id: I58dfb815f02d61e47552e671540144b7b1ed3df5 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r--policy-core/pom.xml10
-rw-r--r--pom.xml4
2 files changed, 9 insertions, 5 deletions
diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 18157c07..8cbef405 100644
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -39,7 +39,7 @@
<dependencies>
<!--
Issue: 1 of 2
- These 2 dependencies are trying to upgrade security fixes
+ These 3 dependencies are trying to upgrade security fixes
identified. If they are removed or manipulated then please
fix the 2nd change as noted below.
-->
@@ -52,6 +52,10 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
</dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
<dependency>
<groupId>org.kie</groupId>
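Review bot: The added `com.google.guava:guava` dependency carries no `<version>`, and the root `pom.xml` hunk in this commit removes the local `dependencyManagement` entry, so the Guava release that resolves is decided entirely by the parent POM, which is not visible in this diff. If the parent manages an older release, this module would pick it up with no signal in this file, so the security upgrade the comment above describes is not verifiable from here. I would add a comment beside the declaration, `<!-- version is managed by the parent POM (oparent); do not set or override it here -->`, and confirm the outcome with `mvn dependency:tree -Dincludes=com.google.guava:guava`. A maven-enforcer `bannedDependencies` rule for the older Guava range would keep that guarantee from regressing silently. The same reasoning covers the matching `<exclusion>` in the next hunk; the `<dependencies>` block starts and ends outside this hunk.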
@@ -77,6 +81,10 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/pom.xml b/pom.xml
index 87af9a17..c3c4aae1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -114,10 +114,6 @@
<dependencyManagement>
<dependencies>
<dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- </dependency>
- <dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0.1</version>