summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-03-05 10:25:41 -0500
committerPamela Dragosh <pdragosh@research.att.com>2018-03-05 11:11:14 -0500
commitd6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch)
tree43fb697543f8a908844dd581d78406f7b9249619
parent15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff)
Upgrade commons-collection for security fix
Force use of 3.2.2 to clear security issue for commons collections. Issue-ID: POLICY-507 Change-Id: Id9ac1e07b90dfb6594cde5ba4cec4e3867f43a76 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r--BRMSGateway/pom.xml16
-rw-r--r--ONAP-SDK-APP/pom.xml14
2 files changed, 30 insertions, 0 deletions
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml
index 39e943be1..0d9ebfba2 100644
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
<artifactId>integrity-monitor</artifactId>
<version>${project.version}</version>
</dependency>
+ <!--
+ CLM security fix - force use of commons-collections 3.2.2.
+ Remove this if a new version of nexus-rest-client-java is upgraded
+ to not use velocity (and then subsequently commons-collections v3.1
+ -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
<dependency>
<groupId>org.sonatype.nexus</groupId>
<artifactId>nexus-rest-client-java</artifactId>
<version>2.3.1-01</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index c1ce21e4f..687e5b3a2 100644
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
<type>jar</type>
</dependency>
<!-- SDK components -->
+ <!--
+ CLM security fix - force use of commons-collections 3.2.2.
+ Remove this if a new version of epsdk-core is upgraded
+ to not use esapi (and then subsequently commons-collections v3.2
+ -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>