Fix security issues
Guava was not fully defined correctly. In order to exclude
an older version being pulled in, the dependencyManagement
needs to come from oparent and not overriden in drools-pdp.
Issue-ID: INT-619
Change-Id: I58dfb815f02d61e47552e671540144b7b1ed3df5
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 18157c0..8cbef40 100644
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -39,7 +39,7 @@
<dependencies>
<!--
Issue: 1 of 2
- These 2 dependencies are trying to upgrade security fixes
+ These 3 dependencies are trying to upgrade security fixes
identified. If they are removed or manipulated then please
fix the 2nd change as noted below.
-->
@@ -52,6 +52,10 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
</dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
<dependency>
<groupId>org.kie</groupId>
@@ -77,6 +81,10 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>