Upgrade commons-collection for security fix

author Pamela Dragosh <pdragosh@research.att.com>

Mon, 5 Mar 2018 15:25:41 +0000 (10:25 -0500)

committer Pamela Dragosh <pdragosh@research.att.com>

Mon, 5 Mar 2018 16:11:14 +0000 (11:11 -0500)
author Pamela Dragosh <pdragosh@research.att.com>
Mon, 5 Mar 2018 15:25:41 +0000 (10:25 -0500)
committer Pamela Dragosh <pdragosh@research.att.com>
Mon, 5 Mar 2018 16:11:14 +0000 (11:11 -0500)
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml

index 39e943b..0d9ebfb 100644 (file)
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
                         <artifactId>integrity-monitor</artifactId>
                         <version>${project.version}</version>
                 </dependency>
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of nexus-rest-client-java is upgraded
+               to not use velocity (and then subsequently commons-collections v3.1 
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                 <dependency>
                         <groupId>org.sonatype.nexus</groupId>
                         <artifactId>nexus-rest-client-java</artifactId>
                         <version>2.3.1-01</version>
+                       <exclusions>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
+                       </exclusions>
                 </dependency>
                 <dependency>
                         <groupId>com.thoughtworks.xstream</groupId>
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml

index c1ce21e..687e5b3 100644 (file)
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
                         <type>jar</type>
                 </dependency>
                 <!-- SDK components -->
+               <!--
+               CLM security fix - force use of commons-collections 3.2.2.
+               Remove this if a new version of epsdk-core is upgraded
+               to not use esapi (and then subsequently commons-collections v3.2
+                -->
+               <dependency>
+                   <groupId>commons-collections</groupId>
+                   <artifactId>commons-collections</artifactId>
+                   <version>3.2.2</version>
+               </dependency>
                 <dependency>
                         <groupId>org.onap.portal.sdk</groupId>
                         <artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
                                         <groupId>mysql</groupId>
                                         <artifactId>mysql-connector-java</artifactId>
                                 </exclusion>
+                               <exclusion>
+                                       <groupId>commons-collections</groupId>
+                                       <artifactId>commons-collections</artifactId>
+                               </exclusion>
                         </exclusions>
                 </dependency>
                 <dependency>
author	Pamela Dragosh <pdragosh@research.att.com>
	Mon, 5 Mar 2018 15:25:41 +0000 (10:25 -0500)
committer	Pamela Dragosh <pdragosh@research.att.com>
	Mon, 5 Mar 2018 16:11:14 +0000 (11:11 -0500)
BRMSGateway/pom.xml		patch \| blob \| history
ONAP-SDK-APP/pom.xml		patch \| blob \| history