Upgrade commons-collection for security fix

[policy/engine.git] / ONAP-SDK-APP / pom.xml

diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index c1ce21e..687e5b3 100644 (file)
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
                        <type>jar</type>
                </dependency>
                <!-- SDK components -->
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of epsdk-core is upgraded
+               to not use esapi (and then subsequently commons-collections v3.2
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                <dependency>
                        <groupId>org.onap.portal.sdk</groupId>
                        <artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
                                        <groupId>mysql</groupId>
                                        <artifactId>mysql-connector-java</artifactId>
                                </exclusion>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
                        </exclusions>
                </dependency>
                <dependency>