From 2a6876b1efd5df87761f44bffd455774da9d1d94 Mon Sep 17 00:00:00 2001
From: Pamela Dragosh <pdragosh@research.att.com>
Date: Tue, 4 Sep 2018 11:18:15 -0400
Subject: Fix security issues

Guava was not fully defined correctly. In order to exclude
an older version being pulled in, the dependencyManagement
needs to come from oparent and not overriden in drools-pdp.

Issue-ID: INT-619
Change-Id: I58dfb815f02d61e47552e671540144b7b1ed3df5
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
---
 policy-core/pom.xml | 10 +++++++++-
 pom.xml             |  4 ----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 18157c07..8cbef405 100644
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -39,7 +39,7 @@
     <dependencies>
     <!--
     Issue: 1 of 2
-    These 2 dependencies are trying to upgrade security fixes
+    These 3 dependencies are trying to upgrade security fixes
     identified. If they are removed or manipulated then please
     fix the 2nd change as noted below. 
     -->
@@ -52,6 +52,10 @@
             <groupId>com.thoughtworks.xstream</groupId>
             <artifactId>xstream</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.kie</groupId>
@@ -77,6 +81,10 @@
                     <groupId>com.thoughtworks.xstream</groupId>
                     <artifactId>xstream</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.google.guava</groupId>
+                    <artifactId>guava</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/pom.xml b/pom.xml
index 87af9a17..c3c4aae1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,10 +113,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <dependency>
-                <groupId>com.google.guava</groupId>
-                <artifactId>guava</artifactId>
-            </dependency>
             <dependency>
                 <groupId>javax.ws.rs</groupId>
                 <artifactId>javax.ws.rs-api</artifactId>
-- 
cgit 1.2.3-korg