Remove logback 1.1.3 security issue
cdp-pal and eelf are the dependencies using logback-classic
1.1.3. Need to use exclusions option in pom file
Change-Id: Id8f5817ec955e2b7b486bc0215c35541086606aa
Signed-off-by: Patrick Brady <pb071s@att.com>
Issue-ID: APPC-1018
diff --git a/appc-config/appc-flow-controller/provider/pom.xml b/appc-config/appc-flow-controller/provider/pom.xml
index f3cd09b..065b3be 100644
--- a/appc-config/appc-flow-controller/provider/pom.xml
+++ b/appc-config/appc-flow-controller/provider/pom.xml
@@ -69,8 +69,19 @@
<artifactId>jackson-dataformat-yaml</artifactId>
</dependency>
<dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.ccsdk.sli.adaptors</groupId>
@@ -141,7 +152,8 @@
<Bundle-SymbolicName>org.onap.appc.flow.controller</Bundle-SymbolicName>
<Bundle-Activator>org.onap.appc.flow.controller.FlowControllerActivator</Bundle-Activator>
<Export-Package>org.onap.appc.flow.controller</Export-Package>
- <Import-Package>*</Import-Package>
+ <Import-Package>groovy.lang;resolution:=optional,
+ org.codehaus.groovy.*;resolution:=optional,*</Import-Package>
<Embed-Dependency>eelf-core,logback-core,logback-classic</Embed-Dependency>
<DynamicImport-Package>*</DynamicImport-Package>
</instructions>