Upgrade commons-collection for security fix

Force use of 3.2.2 to clear security issue for commons collections. Issue-ID: POLICY-507 Change-Id: Id9ac1e07b90dfb6594cde5ba4cec4e3867f43a76 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
author: Pamela Dragosh <pdragosh@research.att.com> 2018-03-05 10:25:41 -0500
committer: Pamela Dragosh <pdragosh@research.att.com> 2018-03-05 11:11:14 -0500
commit: d6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch)
tree: 43fb697543f8a908844dd581d78406f7b9249619 /ONAP-SDK-APP
parent: 15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index c1ce21e4f..687e5b3a2 100644
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
 			<type>jar</type>
 		</dependency>
 		<!-- SDK components -->
+		<!--
+		CLM security fix - force use of commons-collections 3.2.2.
+		Remove this if a new version of epsdk-core is upgraded
+		to not use esapi (and then subsequently commons-collections v3.2
+		 -->
+		<dependency>
+		    <groupId>commons-collections</groupId>
+		    <artifactId>commons-collections</artifactId>
+		    <version>3.2.2</version>
+		</dependency>
 		<dependency>
 			<groupId>org.onap.portal.sdk</groupId>
 			<artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
 					<groupId>mysql</groupId>
 					<artifactId>mysql-connector-java</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>commons-collections</groupId>
+					<artifactId>commons-collections</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
author	Pamela Dragosh <pdragosh@research.att.com>	2018-03-05 10:25:41 -0500
committer	Pamela Dragosh <pdragosh@research.att.com>	2018-03-05 11:11:14 -0500
commit	d6465d56ca959b8493c1a9a3938d3d24461b5a6b (patch)
tree	43fb697543f8a908844dd581d78406f7b9249619 /ONAP-SDK-APP
parent	15fa7f438c0c34917e74a1f8d6a74702926bf218 (diff)