Remove CLM issues with commons-collections
We know that we are not configuring an LDAP PIP in our
use of the XACML open source. The LDAP implementation
uses Apache Velocity, which uses a very old version
of commons-collections that has security issues. So
we can exclude commons-collections from the build.
Issue-ID: POLICY-504
Change-Id: I6d90731e601f58c8edaca6fe02df30ee2a090c2f
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
diff --git a/controlloop/common/eventmanager/pom.xml b/controlloop/common/eventmanager/pom.xml
index d0ce651..6264e7e 100644
--- a/controlloop/common/eventmanager/pom.xml
+++ b/controlloop/common/eventmanager/pom.xml
@@ -48,6 +48,15 @@
<artifactId>xacml</artifactId>
<version>1.0.1</version>
<scope>provided</scope>
+ <exclusions>
+ <!-- The LDAP PIP uses velocity which pulls this insecure jar in. We
+ are not using that PIP and can safely exclude this jar to resolve CLM issue.
+ -->
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.policy.drools-applications.controlloop.common.actors</groupId>
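Review bot: The new `<exclusions>` block sits on the xacml dependency that is declared with `<scope>provided</scope>`, so it only removes commons-collections from this module's own compile and test classpath. Whatever supplies the xacml jar at runtime can still bring commons-collections along with it, and any other module that depends on xacml needs the same exclusion. Consider declaring the exclusion once in a parent `<dependencyManagement>` entry for xacml so that every module inherits it, and confirm with `mvn dependency:tree` that commons-collections no longer resolves through any other path. The XML comment would also be more useful to later maintainers if it stated the consequence of the exclusion: the LDAP PIP's Velocity code path must stay unused, because it would fail with missing classes if it were ever enabled.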