Upgrade commons-collection for security fix

Force use of 3.2.2 to clear security issue for commons collections. Issue-ID: POLICY-507 Change-Id: Id9ac1e07b90dfb6594cde5ba4cec4e3867f43a76 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
author: Pamela Dragosh <pdragosh@research.att.com> 2018-03-05 10:25:41 -0500
committer: Pamela Dragosh <pdragosh@research.att.com> 2018-03-05 11:11:14 -0500
commit: d6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch)
tree: 43fb697543f8a908844dd581d78406f7b9249619 /BRMSGateway
parent: 15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml
index 39e943be1..0d9ebfba2 100644
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
 			<artifactId>integrity-monitor</artifactId>
 			<version>${project.version}</version>
 		</dependency>
+		<!--
+		CLM security fix - force use of commons-collections 3.2.2.
+		Remove this if a new version of nexus-rest-client-java is upgraded
+		to not use velocity (and then subsequently commons-collections v3.1 
+		 -->
+		<dependency>
+		    <groupId>commons-collections</groupId>
+		    <artifactId>commons-collections</artifactId>
+		    <version>3.2.2</version>
+		</dependency>
 		<dependency>
 			<groupId>org.sonatype.nexus</groupId>
 			<artifactId>nexus-rest-client-java</artifactId>
 			<version>2.3.1-01</version>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-collections</groupId>
+					<artifactId>commons-collections</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>com.thoughtworks.xstream</groupId>
author	Pamela Dragosh <pdragosh@research.att.com>	2018-03-05 10:25:41 -0500
committer	Pamela Dragosh <pdragosh@research.att.com>	2018-03-05 11:11:14 -0500
commit	d6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch)
tree	43fb697543f8a908844dd581d78406f7b9249619 /BRMSGateway
parent	15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff)