author Pamela Dragosh <pdragosh@research.att.com> 2019-04-19 11:52:40 -0400
committer Pamela Dragosh <pdragosh@research.att.com> 2019-04-19 11:52:46 -0400
commit f42123cde45da90cddaddff5df731e977c0c8447
tree 080f657d521c7ac5b72ecab4a2df3b8f9bbf7140
parent 900920306a0be309f389880325558bb96ff76356
Exclude jackson-databind
Jackson databind has security issues, sometimes it's easier to just exclude it if possible. This repo doesn't use it directly, the swagger dependency pulls it in. It doesn't look like our usage of swagger dependency would require the jackson-databind as we only use the annotation: @ApiModelProperty

NOTE: Swagger also pulls in jackson-annotations, which seems to be used by a few modules for JSON annotations. e.g. those modules are using jackson-annotations indirectly via the swagger dependency pulling in that dependency. Not a big deal.

Compilation of policy/api repo works with this exclusion.

Issue-ID: POLICY-1507
Change-Id: Ic8501df5ad4f4fc8f6cd93e739d7ff2e52d98785
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r-- models-tosca/pom.xml 8
1 files changed, 6 insertions, 2 deletions
diff --git a/models-tosca/pom.xml b/models-tosca/pom.xml
index 18b1e1ef1..ea12057a2 100644
--- a/models-tosca/pom.xml
+++ b/models-tosca/pom.xml
@@ -68,11 +68,15 @@
<artifactId>h2</artifactId>
<scope>test</scope>
</dependency>
-
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jersey2-jaxrs</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
-
</dependencies>
</project>
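Review bot: the exclusion added under swagger-jersey2-jaxrs is backed only by a compile check according to the commit message, but an exclusion also removes jackson-databind from the runtime classpath of models-tosca, so any swagger code that loads databind classes would fail at run time with a class-loading error rather than at build time. Run the module's tests, not just compilation, before merging, and confirm with mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind that no other dependency in this pom still brings the artifact in, since the exclusion covers only this one dependency path. A short XML comment above <exclusions> pointing to POLICY-1507 would keep the block from being removed later as unexplained.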