diff options
-rw-r--r-- | BRMSGateway/pom.xml | 16 | ||||
-rw-r--r-- | ONAP-SDK-APP/pom.xml | 14 |
2 files changed, 30 insertions, 0 deletions
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml index 39e943be1..0d9ebfba2 100644 --- a/BRMSGateway/pom.xml +++ b/BRMSGateway/pom.xml @@ -66,10 +66,26 @@ <artifactId>integrity-monitor</artifactId> <version>${project.version}</version> </dependency> + <!-- + CLM security fix - force use of commons-collections 3.2.2. + Remove this if a new version of nexus-rest-client-java is upgraded + to not use velocity (and then subsequently commons-collections v3.1 + --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>3.2.2</version> + </dependency> <dependency> <groupId>org.sonatype.nexus</groupId> <artifactId>nexus-rest-client-java</artifactId> <version>2.3.1-01</version> + <exclusions> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.thoughtworks.xstream</groupId> diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml index c1ce21e4f..687e5b3a2 100644 --- a/ONAP-SDK-APP/pom.xml +++ b/ONAP-SDK-APP/pom.xml @@ -238,6 +238,16 @@ <type>jar</type> </dependency> <!-- SDK components --> + <!-- + CLM security fix - force use of commons-collections 3.2.2. + Remove this if a new version of epsdk-core is upgraded + to not use esapi (and then subsequently commons-collections v3.2 + --> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>3.2.2</version> + </dependency> <dependency> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-core</artifactId> @@ -247,6 +257,10 @@ <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </exclusion> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> </exclusions> </dependency> <dependency> |