summaryrefslogtreecommitdiffstats
path: root/policy-core
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-02-22 11:58:47 -0500
committerPamela Dragosh <pdragosh@research.att.com>2018-02-22 12:21:35 -0500
commite0d71bb74647e5d87b14ede07c30d07c3fb0f5fe (patch)
tree36ab08f83d3f038b8740fbbd6f34bb9561f9a53d /policy-core
parentdeb9803becab25faf9ed9d609622983b20cc22ea (diff)
Force dependency upgrade and exclusions
LCM security issues are identified with plexus-utils and xstream. There is no clear upgrade to the org.kie.* dependencies with a fix for both of these. We will determine via testing as to whether these exclusions will result in failure. Issue-ID: POLICY-506 Change-Id: I9cefb814bb11a9babc4e4a2e47071ab74a46c011 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'policy-core')
-rw-r--r--policy-core/pom.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 4bfd23ad..8cecd362 100644
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -31,6 +31,23 @@
</parent>
<dependencies>
+ <!--
+ Issue: 1 of 2
+ These 2 dependencies are trying to upgrade security fixes
+ identified. If they are removed or manipulated then please
+ fix the 2nd change as noted below.
+ -->
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>3.0.24</version>
+ </dependency>
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
+ </dependency>
+
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-api</artifactId>
@@ -40,6 +57,22 @@
<groupId>org.kie</groupId>
<artifactId>kie-ci</artifactId>
<version>6.5.0.Final</version>
+ <!--
+ Issue: 2 of 2
+ Excluding these 2 dependencies in order to force upgrade security fixes
+ identified. As declared above. Any changes here should be reflected above
+ and vice versa.
+ -->
+ <exclusions>
+ <exclusion>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.drools</groupId>