Merge "Upgrade commons-collection for security fix"

author Jorge Hernandez <jh1730@att.com>

Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)
author Jorge Hernandez <jh1730@att.com>
Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml

index 39e943b..0d9ebfb 100644 (file)
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
                         <artifactId>integrity-monitor</artifactId>
                         <version>${project.version}</version>
                 </dependency>
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of nexus-rest-client-java is upgraded
+               to not use velocity (and then subsequently commons-collections v3.1 
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                 <dependency>
                         <groupId>org.sonatype.nexus</groupId>
                         <artifactId>nexus-rest-client-java</artifactId>
                         <version>2.3.1-01</version>
+                       <exclusions>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
+                       </exclusions>
                 </dependency>
                 <dependency>
                         <groupId>com.thoughtworks.xstream</groupId>
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml

index c1ce21e..687e5b3 100644 (file)
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
                         <type>jar</type>
                 </dependency>
                 <!-- SDK components -->
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of epsdk-core is upgraded
+               to not use esapi (and then subsequently commons-collections v3.2
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                 <dependency>
                         <groupId>org.onap.portal.sdk</groupId>
                         <artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
                                         <groupId>mysql</groupId>
                                         <artifactId>mysql-connector-java</artifactId>
                                 </exclusion>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
                         </exclusions>
                 </dependency>
                 <dependency>
author	Jorge Hernandez <jh1730@att.com>
	Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Mon, 5 Mar 2018 19:52:50 +0000 (19:52 +0000)
BRMSGateway/pom.xml		patch \| blob \| history
ONAP-SDK-APP/pom.xml		patch \| blob \| history