Override version for guava

Change-Id: I94f7454089dcd3b52a0c6c40bfadb59439d58d62
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-656

diff --git a/pom.xml b/pom.xml
index d0c1898..62ca18a 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -232,16 +232,19 @@
                        <version>1.2.0</version>
                </dependency>
 <!-- DMAAP-656:
-   - removed this dependency because it utilized a third party
-   - lib called com.google.guava:20.0 which had severe threat identified.
-   - build code without this dependency and it seemed to work, so perhaps it
-   - is not needed?
+   - override this dependency because it utilized a third party
+   - lib called com.google.guava:20.0 which had severe security threat identified.
+ -->
+               <dependency>
+                       <groupId>com.google.guava</groupId>
+                       <artifactId>guava</artifactId>
+                       <version>24.1.1-jre</version>
+               </dependency>
                <dependency>
                        <groupId>io.swagger</groupId>
                        <artifactId>swagger-core</artifactId>
                        <version>${swagger.version}</version>
                </dependency>
- -->
                <dependency>
                        <groupId>io.swagger</groupId>
                        <artifactId>swagger-jersey2-jaxrs</artifactId>