Exclude commons-collections

Since we are not using LDAP PIP we can get rid of this jar
that has security issues.

Issue-ID: POLICY-722
Change-Id: I93feacc8733a834866476db75933d8b2cf08c212
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>

diff --git a/controlloop/common/controller-beijing/pom.xml b/controlloop/common/controller-beijing/pom.xml
index 71165f7..b602162 100644 (file)
--- a/controlloop/common/controller-beijing/pom.xml
+++ b/controlloop/common/controller-beijing/pom.xml
@@ -158,6 +158,15 @@
             <groupId>com.att.research.xacml</groupId>
             <artifactId>xacml-pdp</artifactId>
             <version>1.0.1</version>
+                     <exclusions>
+                       <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We
+                       are not using that PIP and can safely exclude this jar to resolve CLM issue.
+                        -->
+                       <exclusion>
+                         <groupId>commons-collections</groupId>
+                         <artifactId>commons-collections</artifactId>
+                       </exclusion>
+                     </exclusions>
         </dependency>
         <dependency>
             <groupId>org.onap.policy.drools-pdp</groupId>