author | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-01 18:00:06 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-01 18:00:16 -0500 |
commit | caead0115fa286d6796ad749464e8df09f383338 (patch) | |
tree | 70ad5bb9eed2948a46f0a8e041187aa9fdbd3407 /ONAP-PDP/pom.xml | |
parent | 96787c49cd192096916e482e5b55e91652de3817 (diff) |
Remove CLM issues with commons-collections
We know that we are not configuring an LDAP PIP in our
use of the XACML open source. The LDAP implementation
uses Apache Velocity, which uses a very old version
of commons-collections that has security issues. So
we can exclude commons-collections from the build.
Issue-ID: POLICY-507
Change-Id: I735eae4fe507ad016d9b0b49e67536415edb9820
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'ONAP-PDP/pom.xml')
-rw-r--r-- | ONAP-PDP/pom.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ONAP-PDP/pom.xml b/ONAP-PDP/pom.xml index d302c955d..dc3953b76 100644 --- a/ONAP-PDP/pom.xml +++ b/ONAP-PDP/pom.xml @@ -73,6 +73,15 @@ <groupId>com.att.research.xacml</groupId> <artifactId>xacml-pdp</artifactId> <version>1.0.1</version> + <exclusions> + <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We + are not using that PIP and can safely exclude this jar to resolve CLM issue. + --> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>junit</groupId> |
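Review bot: the `<exclusions>` block added under `xacml-pdp` removes commons-collections from that one dependency path only, and nothing in the hunk prevents another dependency in ONAP-PDP/pom.xml, or a later version bump, from pulling the same jar back in transitively. Consider confirming with `mvn dependency:tree -Dincludes=commons-collections:commons-collections` that the artifact is absent from the resolved tree, and adding a maven-enforcer-plugin `bannedDependencies` rule so the build fails if it reappears. The XML comment could also state that the exclusion is only safe while the LDAP PIP stays unconfigured, since enabling it later would likely fail at runtime on the classes Velocity expects; referencing POLICY-507 in the comment would keep that traceable.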