diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-02-22 11:58:47 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-02-22 12:21:35 -0500 |
commit | e0d71bb74647e5d87b14ede07c30d07c3fb0f5fe (patch) | |
tree | 36ab08f83d3f038b8740fbbd6f34bb9561f9a53d /policy-core | |
parent | deb9803becab25faf9ed9d609622983b20cc22ea (diff) |
Force dependency upgrade and exclusions
LCM security issues are identified with plexus-utils and xstream. There
is no clear upgrade to the org.kie.* dependencies with a fix for both of
these. We will determine via testing as to whether these exclusions will
result in failure.
Issue-ID: POLICY-506
Change-Id: I9cefb814bb11a9babc4e4a2e47071ab74a46c011
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'policy-core')
-rw-r--r-- | policy-core/pom.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/policy-core/pom.xml b/policy-core/pom.xml index 4bfd23ad..8cecd362 100644 --- a/policy-core/pom.xml +++ b/policy-core/pom.xml @@ -31,6 +31,23 @@ </parent> <dependencies> + <!-- + Issue: 1 of 2 + These 2 dependencies are trying to upgrade security fixes + identified. If they are removed or manipulated then please + fix the 2nd change as noted below. + --> + <dependency> + <groupId>org.codehaus.plexus</groupId> + <artifactId>plexus-utils</artifactId> + <version>3.0.24</version> + </dependency> + <dependency> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + <version>1.4.10</version> + </dependency> + <dependency> <groupId>org.kie</groupId> <artifactId>kie-api</artifactId> @@ -40,6 +57,22 @@ <groupId>org.kie</groupId> <artifactId>kie-ci</artifactId> <version>6.5.0.Final</version> + <!-- + Issue: 2 of 2 + Excluding these 2 dependencies in order to force upgrade security fixes + identified. As declared above. Any changes here should be reflected above + and vice versa. + --> + <exclusions> + <exclusion> + <groupId>org.codehaus.plexus</groupId> + <artifactId>plexus-utils</artifactId> + </exclusion> + <exclusion> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.drools</groupId> |