Upgrade commons-collection for security fix

[policy/engine.git] / BRMSGateway / pom.xml

diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml
index 39e943b..0d9ebfb 100644 (file)
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
                        <artifactId>integrity-monitor</artifactId>
                        <version>${project.version}</version>
                </dependency>
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of nexus-rest-client-java is upgraded
+               to not use velocity (and then subsequently commons-collections v3.1 
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                <dependency>
                        <groupId>org.sonatype.nexus</groupId>
                        <artifactId>nexus-rest-client-java</artifactId>
                        <version>2.3.1-01</version>
+                       <exclusions>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
+                       </exclusions>
                </dependency>
                <dependency>
                        <groupId>com.thoughtworks.xstream</groupId>