Clean up pom.xml and fix CLM

[policy/engine.git] / PolicyEngineUtils / pom.xml

diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 9e2e13b..e7196c5 100644 (file)
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -88,15 +88,20 @@
                        <version>4.11</version>
                        <scope>test</scope>
                </dependency>
-               <dependency>
-                       <groupId>org.mariadb.jdbc</groupId>
-                       <artifactId>mariadb-java-client</artifactId>
-                       <version>1.2.3</version>
+               <!--
+               CLM security fix - force use of xstream
+               Remove this if a new version of drools-verifier is upgraded
+               that upgrades to xstream.
+                -->
+               <dependency>
+                   <groupId>com.thoughtworks.xstream</groupId>
+                   <artifactId>xstream</artifactId>
+                   <version>1.4.10</version>
                </dependency>
                <dependency>
                        <groupId>org.drools</groupId>
                        <artifactId>drools-verifier</artifactId>
-                       <version>6.3.0.Final</version>
+                       <version>6.5.0.Final</version>
                        <exclusions>
                                <exclusion>
                                        <groupId>com.google.guava</groupId>
@@ -106,6 +111,10 @@
                                        <groupId>com.lowagie</groupId>
                                <artifactId>itext</artifactId>
                                </exclusion>
+                               <exclusion>
+                                   <groupId>com.thoughtworks.xstream</groupId>
+                                   <artifactId>xstream</artifactId>
+                               </exclusion>
                        </exclusions>
                </dependency>
                <dependency>