author Pamela Dragosh <pdragosh@research.att.com> 2018-03-01 18:00:06 -0500
committer Pamela Dragosh <pdragosh@research.att.com> 2018-03-01 18:00:16 -0500
commit caead0115fa286d6796ad749464e8df09f383338 (patch)
tree 70ad5bb9eed2948a46f0a8e041187aa9fdbd3407 /ONAP-XACML
parent 96787c49cd192096916e482e5b55e91652de3817 (diff)
Remove CLM issues with commons-collections

We know that we are not configuring an LDAP PIP in our use of the XACML open source. The LDAP implementation uses Apache Velocity, which uses a very old version of commons-collections that has security issues. So we can exclude commons-collections from the build.

Issue-ID: POLICY-507
Change-Id: I735eae4fe507ad016d9b0b49e67536415edb9820
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'ONAP-XACML')
-rw-r--r-- ONAP-XACML/pom.xml 9
1 files changed, 9 insertions, 0 deletions
diff --git a/ONAP-XACML/pom.xml b/ONAP-XACML/pom.xml
index c399e3fa9..b6f12c005 100644
--- a/ONAP-XACML/pom.xml
+++ b/ONAP-XACML/pom.xml
@@ -83,6 +83,15 @@
<groupId>com.att.research.xacml</groupId>
<artifactId>xacml</artifactId>
<version>1.0.1</version>
+ <exclusions>
+ <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We
+ are not using that PIP and can safely exclude this jar to resolve CLM issue.
+ -->
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
</project>
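Review bot: The `<exclusion>` of commons-collections sits under the single `com.att.research.xacml:xacml` dependency, so it only cuts that one transitive path, and the assumption in the comment ("We are not using that PIP") is not enforced anywhere in the build. If any other dependency of this module also resolves commons-collections, the jar still ends up on the classpath and the CLM finding stays open. If the LDAP PIP is ever configured later, Velocity is likely to fail at runtime on missing classes. Suggest confirming with `mvn dependency:tree -Dincludes=commons-collections` that nothing else pulls it in, and consider a maven-enforcer `bannedDependencies` rule so the jar cannot return through a different path. It would also help to extend the comment to say that the LDAP PIP must stay disabled while this exclusion is in place.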