This has some cleanup for overriding managed dependencies, a
duplicate entry for mariadb, unnecessary inclusion of older
EELF library, an upgrade of swagger tools to fix a security
issue and lastly an override of a depedency to clear a
security issue.
Issue-ID: POLICY-507
Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
- <version>1.4.193</version>
</dependency>
<dependency>
<groupId>org.mariadb.jdbc</groupId>
</dependency>
<dependency>
<groupId>org.mariadb.jdbc</groupId>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
+ <version>2.8.2</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
- <version>[1.4.186,)</version>
</dependency>
<dependency>
<groupId>com.github.fge</groupId>
</dependency>
<dependency>
<groupId>com.github.fge</groupId>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
- <version>2.5.0</version>
+ <version>2.7.0</version>
</dependency>
<dependency>
<groupId>org.onap.policy.engine</groupId>
</dependency>
<dependency>
<groupId>org.onap.policy.engine</groupId>
<artifactId>epsdk-workflow</artifactId>
<version>${epsdk.version}</version>
</dependency>
<artifactId>epsdk-workflow</artifactId>
<version>${epsdk.version}</version>
</dependency>
- <dependency>
- <groupId>com.att.eelf</groupId>
- <artifactId>eelf-core</artifactId>
- <version>0.0.1</version>
- </dependency>
<!-- bridge to implement commons-logging using slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<!-- bridge to implement commons-logging using slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<version>4.11</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.mariadb.jdbc</groupId>
- <artifactId>mariadb-java-client</artifactId>
- <version>1.2.3</version>
+ <!--
+ CLM security fix - force use of xstream
+ Remove this if a new version of drools-verifier is upgraded
+ that upgrades to xstream.
+ -->
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-verifier</artifactId>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-verifier</artifactId>
- <version>6.3.0.Final</version>
+ <version>6.5.0.Final</version>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
</exclusions>
</dependency>
<dependency>