diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 20:34:18 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2018-03-05 20:34:30 -0500 |
commit | 48276315757f6561ee6a52575c07ba4d726679f5 (patch) | |
tree | a17e2fe76bf67c08ee3752214dbbee64dd8bd01d /PolicyEngineUtils/pom.xml | |
parent | d7dd5e1a57ae6bf0b0e832a7ccb323f9cf972b80 (diff) |
Clean up pom.xml and fix CLM
This has some cleanup for overriding managed dependencies, a
duplicate entry for mariadb, unnecessary inclusion of older
EELF library, an upgrade of swagger tools to fix a security
issue and lastly an override of a depedency to clear a
security issue.
Issue-ID: POLICY-507
Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'PolicyEngineUtils/pom.xml')
-rw-r--r-- | PolicyEngineUtils/pom.xml | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml index 9e2e13b15..e7196c511 100644 --- a/PolicyEngineUtils/pom.xml +++ b/PolicyEngineUtils/pom.xml @@ -88,15 +88,20 @@ <version>4.11</version> <scope>test</scope> </dependency> - <dependency> - <groupId>org.mariadb.jdbc</groupId> - <artifactId>mariadb-java-client</artifactId> - <version>1.2.3</version> + <!-- + CLM security fix - force use of xstream + Remove this if a new version of drools-verifier is upgraded + that upgrades to xstream. + --> + <dependency> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + <version>1.4.10</version> </dependency> <dependency> <groupId>org.drools</groupId> <artifactId>drools-verifier</artifactId> - <version>6.3.0.Final</version> + <version>6.5.0.Final</version> <exclusions> <exclusion> <groupId>com.google.guava</groupId> @@ -106,6 +111,10 @@ <groupId>com.lowagie</groupId> <artifactId>itext</artifactId> </exclusion> + <exclusion> + <groupId>com.thoughtworks.xstream</groupId> + <artifactId>xstream</artifactId> + </exclusion> </exclusions> </dependency> <dependency> |