Clean up pom.xml and fix CLM

This has some cleanup for overriding managed dependencies, a
duplicate entry for mariadb, unnecessary inclusion of older
EELF library, an upgrade of swagger tools to fix a security
issue and lastly an override of a depedency to clear a
security issue.

Issue-ID: POLICY-507
Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>

1 files changed, 14 insertions, 5 deletions

diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 9e2e13b15..e7196c511 100644
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -88,15 +88,20 @@
 			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
-		<dependency>
-			<groupId>org.mariadb.jdbc</groupId>
-			<artifactId>mariadb-java-client</artifactId>
-			<version>1.2.3</version>
+		<!--
+		CLM security fix - force use of xstream
+		Remove this if a new version of drools-verifier is upgraded
+		that upgrades to xstream.
+		 -->
+		<dependency>
+		    <groupId>com.thoughtworks.xstream</groupId>
+		    <artifactId>xstream</artifactId>
+		    <version>1.4.10</version>
 		</dependency>
 		<dependency>
 			<groupId>org.drools</groupId>
 			<artifactId>drools-verifier</artifactId>
-			<version>6.3.0.Final</version>
+			<version>6.5.0.Final</version>
 			<exclusions>
 				<exclusion>
 					<groupId>com.google.guava</groupId>
@@ -106,6 +111,10 @@
 					<groupId>com.lowagie</groupId>
     				<artifactId>itext</artifactId>
 				</exclusion>
+				<exclusion>
+				    <groupId>com.thoughtworks.xstream</groupId>
+				    <artifactId>xstream</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>