Force dependency upgrade and exclusions 93/32593/1
authorPamela Dragosh <pdragosh@research.att.com>
Thu, 22 Feb 2018 16:58:47 +0000 (11:58 -0500)
committerPamela Dragosh <pdragosh@research.att.com>
Thu, 22 Feb 2018 17:21:35 +0000 (12:21 -0500)
LCM security issues are identified with plexus-utils and xstream. There
is no clear upgrade to the org.kie.* dependencies that fixes both of
them. Testing will determine whether these exclusions cause any
failure.

Issue-ID: POLICY-506
Change-Id: I9cefb814bb11a9babc4e4a2e47071ab74a46c011
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
policy-core/pom.xml
pom.xml

index 4bfd23a..8cecd36 100644 (file)
   </parent>
 
   <dependencies>
+    <!--
+    Issue: 1 of 2
+    These 2 dependencies are trying to upgrade security fixes
+    identified. If they are removed or manipulated then please
+    fix the 2nd change as noted below. 
+    -->
+    <dependency>
+        <groupId>org.codehaus.plexus</groupId>
+        <artifactId>plexus-utils</artifactId>
+        <version>3.0.24</version>
+    </dependency>
+    <dependency>
+        <groupId>com.thoughtworks.xstream</groupId>
+        <artifactId>xstream</artifactId>
+        <version>1.4.10</version>
+    </dependency>
+
     <dependency>
       <groupId>org.kie</groupId>
       <artifactId>kie-api</artifactId>
       <groupId>org.kie</groupId>
       <artifactId>kie-ci</artifactId>
       <version>6.5.0.Final</version>
+      <!--
+      Issue: 2 of 2
+      Excluding these 2 dependencies in order to force upgrade security fixes
+      identified. As declared above. Any changes here should be reflected above
+      and vice versa.
+      -->
+      <exclusions>
+        <exclusion>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-utils</artifactId>
+        </exclusion>
+        <exclusion>
+            <groupId>com.thoughtworks.xstream</groupId>
+            <artifactId>xstream</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.drools</groupId>
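Review bot: The pinned plexus-utils and xstream versions are declared as direct compile dependencies of policy-core (the two new `<dependency>` entries at the top of the hunk), which puts them on the classpath and exports them to every consumer of this artifact whether or not the module itself uses them; the Maven idiom for forcing a transitive version is a `<dependencyManagement>` entry in the parent `pom.xml` (also touched by this change), which applies to every module and every transitive path without exclusions. Because a direct declaration already wins Maven's nearest-wins mediation, the `<exclusions>` added on kie-ci and the paired "Issue 1 of 2 / 2 of 2" comments do nothing the declaration does not, while `kie-api` and the `org.drools` artifact just below, which plausibly carry the same transitives, are left unexcluded — a sign the exclusions are not what is doing the work. Whichever form is kept, the "determine via testing" in the commit message should be backed by `mvn dependency:tree -Dverbose -Dincludes=com.thoughtworks.xstream,org.codehaus.plexus:plexus-utils` so the resolved versions are checked rather than assumed, and the comment should name the scan finding or advisory each bump addresses so a later maintainer knows when the pin can be dropped. A newer xstream also only closes the issues fixed in that release; if any code path here feeds it untrusted XML, the deserializer still needs a type allow-list, which a version bump alone does not provide.
```xml
<!-- parent pom.xml: pin the transitive versions once, for every module and every path -->
<dependencyManagement>
  <dependencies>
    <!-- … unchanged: existing managed dependencies … -->
    <dependency>
      <groupId>org.codehaus.plexus</groupId>
      <artifactId>plexus-utils</artifactId>
      <version>3.0.24</version>
    </dependency>
    <dependency>
      <groupId>com.thoughtworks.xstream</groupId>
      <artifactId>xstream</artifactId>
      <version>1.4.10</version>
    </dependency>
  </dependencies>
</dependencyManagement>
```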
diff --git a/pom.xml b/pom.xml
index a279481..d6f32bd 100644 (file)
--- a/pom.xml
+++ b/pom.xml
                                        </dependency>
                                </dependencies>
                        </plugin>
-
-                       <plugin>
-                               <groupId>org.jacoco</groupId>
-                               <artifactId>jacoco-maven-plugin</artifactId>
-                       </plugin>
-
-
                </plugins>
                <pluginManagement>
                        <plugins>