summaryrefslogtreecommitdiffstats
path: root/PolicyEngineUtils
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-03-05 20:34:18 -0500
committerPamela Dragosh <pdragosh@research.att.com>2018-03-05 20:34:30 -0500
commit48276315757f6561ee6a52575c07ba4d726679f5 (patch)
treea17e2fe76bf67c08ee3752214dbbee64dd8bd01d /PolicyEngineUtils
parentd7dd5e1a57ae6bf0b0e832a7ccb323f9cf972b80 (diff)
Clean up pom.xml and fix CLM
This has some cleanup for overriding managed dependencies, a duplicate entry for mariadb, unnecessary inclusion of older EELF library, an upgrade of swagger tools to fix a security issue and lastly an override of a depedency to clear a security issue. Issue-ID: POLICY-507 Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'PolicyEngineUtils')
-rw-r--r--PolicyEngineUtils/pom.xml19
1 files changed, 14 insertions, 5 deletions
diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 9e2e13b15..e7196c511 100644
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -88,15 +88,20 @@
<version>4.11</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.mariadb.jdbc</groupId>
- <artifactId>mariadb-java-client</artifactId>
- <version>1.2.3</version>
+ <!--
+ CLM security fix - force use of xstream
+ Remove this if a new version of drools-verifier is upgraded
+ that upgrades to xstream.
+ -->
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-verifier</artifactId>
- <version>6.3.0.Final</version>
+ <version>6.5.0.Final</version>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
@@ -106,6 +111,10 @@
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>