diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 10:25:41 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 11:11:14 -0500 |
commit | d6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch) | |
tree | 43fb697543f8a908844dd581d78406f7b9249619 | |
parent | 15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff) |
Upgrade commons-collection for security fix
Force use of 3.2.2 to clear security issue for commons
collections.
Issue-ID: POLICY-507
Change-Id: Id9ac1e07b90dfb6594cde5ba4cec4e3867f43a76
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r-- | BRMSGateway/pom.xml | 16 | ||||
-rw-r--r-- | ONAP-SDK-APP/pom.xml | 14 |
2 files changed, 30 insertions, 0 deletions
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml index 39e943be1..0d9ebfba2 100644 --- a/BRMSGateway/pom.xml +++ b/BRMSGateway/pom.xml @@ -66,10 +66,26 @@ <artifactId>integrity-monitor</artifactId> <version>${project.version}</version> </dependency> + <!-- + CLM security fix - force use of commons-collections 3.2.2. + Remove this if a new version of nexus-rest-client-java is upgraded + to not use velocity (and then subsequently commons-collections v3.1 + --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>3.2.2</version> + </dependency> <dependency> <groupId>org.sonatype.nexus</groupId> <artifactId>nexus-rest-client-java</artifactId> <version>2.3.1-01</version> + <exclusions> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.thoughtworks.xstream</groupId> diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml index c1ce21e4f..687e5b3a2 100644 --- a/ONAP-SDK-APP/pom.xml +++ b/ONAP-SDK-APP/pom.xml @@ -238,6 +238,16 @@ <type>jar</type> </dependency> <!-- SDK components --> + <!-- + CLM security fix - force use of commons-collections 3.2.2. + Remove this if a new version of epsdk-core is upgraded + to not use esapi (and then subsequently commons-collections v3.2 + --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>3.2.2</version> + </dependency> <dependency> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-core</artifactId> @@ -247,6 +257,10 @@ <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> </exclusions> </dependency> <dependency> |