Clean up pom.xml and fix CLM
This has some cleanup for overriding managed dependencies, a
duplicate entry for mariadb, unnecessary inclusion of older
EELF library, an upgrade of swagger tools to fix a security
issue and lastly an override of a depedency to clear a
security issue.
Issue-ID: POLICY-507
Change-Id: I8767f6edc37551c559010d96d350afdd5961f13d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
diff --git a/PolicyEngineUtils/pom.xml b/PolicyEngineUtils/pom.xml
index 9e2e13b..e7196c5 100644
--- a/PolicyEngineUtils/pom.xml
+++ b/PolicyEngineUtils/pom.xml
@@ -88,15 +88,20 @@
<version>4.11</version>
<scope>test</scope>
</dependency>
+ <!--
+ CLM security fix - force use of xstream
+ Remove this if a new version of drools-verifier is upgraded
+ that upgrades to xstream.
+ -->
<dependency>
- <groupId>org.mariadb.jdbc</groupId>
- <artifactId>mariadb-java-client</artifactId>
- <version>1.2.3</version>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-verifier</artifactId>
- <version>6.3.0.Final</version>
+ <version>6.5.0.Final</version>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
@@ -106,6 +111,10 @@
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>