From: liamfallon <liam.fallon@ericsson.com>
Date: Thu, 21 Jun 2018 02:45:48 +0000 (+0800)
Subject: Fix JMS plugin vulnerability
X-Git-Tag: 2.0.0~114^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=1303b2cfebc9dd12156db0a04b46ec401a4b4987;p=policy%2Fapex-pdp.git

Fix JMS plugin vulnerability

THe HornetQ JMS implementation had security vulnerabilities,
license issues, and the latest version is 3 years old.
The plugin was updated to use the Apache ActiveMQ JMS
implementaiton instead. ActiveMQ has a very recent
version, has no license issues, and has no recorded security
issues.

Issue-ID: POLICY-905
Change-Id: I2db80a9e45ee4274f31e8c493c841cd039e78050
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
---

diff --git a/plugins/plugins-event/plugins-event-carrier/plugins-event-carrier-jms/pom.xml b/plugins/plugins-event/plugins-event-carrier/plugins-event-carrier-jms/pom.xml
index 61abf52b4..3ad5d0b73 100644
--- a/plugins/plugins-event/plugins-event-carrier/plugins-event-carrier-jms/pom.xml
+++ b/plugins/plugins-event/plugins-event-carrier/plugins-event-carrier-jms/pom.xml
@@ -46,9 +46,20 @@
             <version>3.2.0.Final</version>
         </dependency>
         <dependency>
-            <groupId>org.hornetq</groupId>
-            <artifactId>hornetq-jms-client</artifactId>
-            <version>2.3.25.Final</version>
+            <groupId>org.apache.activemq</groupId>
+            <artifactId>artemis-jms-client</artifactId>
+            <version>2.6.1</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-all</artifactId>
+            <version>4.1.25.Final</version>
         </dependency>
     </dependencies>
-</project>
\ No newline at end of file
+</project>