aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-07-02 11:53:59 -0400
committerJim Hahn <jrh3@att.com>2021-07-02 11:59:26 -0400
commit53ef7ed7d2a9354146e2ad3f1a34186613a7b1b1 (patch)
treea8883405192abe9daf72678a0efb442eebf55222
parent7ed5ee20e1ff1505e9f1f4fa187ac81ef522ca9a (diff)
Address some vulnerabilities from IQ report
Upgraded the version of a couple of items reported in IQ. The new versions are likely to have the same issues, but at least it should be good for a moment. Verified that the change to json-smart did not cause the CDS Actor tests to break. (Though it should eventually be tested with a real CDS.) Verified that the change to xstream did not cause any tests in drools-pdp or drools-apps to break. Issue-ID: POLICY-3431 Change-Id: I1419871577174fd986c9eebf2ce35134bd4bda93 Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r--integration/pom.xml7
1 files changed, 6 insertions, 1 deletions
diff --git a/integration/pom.xml b/integration/pom.xml
index dd234c87..d453f533 100644
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -210,7 +210,7 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.15</version>
+ <version>1.4.17</version>
</dependency>
<!-- Eclipse JPA API -->
@@ -308,6 +308,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>net.minidev</groupId>
+ <artifactId>json-smart</artifactId>
+ <version>2.4.7</version>
+ </dependency>
<!-- AAF Client -->
<dependency>