Merge "Upgrade commons-collection for security fix"
diff --git a/BRMSGateway/pom.xml b/BRMSGateway/pom.xml
index 39e943b..0d9ebfb 100644
--- a/BRMSGateway/pom.xml
+++ b/BRMSGateway/pom.xml
@@ -66,10 +66,26 @@
<artifactId>integrity-monitor</artifactId>
<version>${project.version}</version>
</dependency>
+ <!--
+ CLM security fix - force use of commons-collections 3.2.2.
+ Remove this if a new version of nexus-rest-client-java is upgraded
+ to not use velocity (and then subsequently commons-collections v3.1
+ -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
<dependency>
<groupId>org.sonatype.nexus</groupId>
<artifactId>nexus-rest-client-java</artifactId>
<version>2.3.1-01</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
diff --git a/ONAP-SDK-APP/pom.xml b/ONAP-SDK-APP/pom.xml
index c1ce21e..687e5b3 100644
--- a/ONAP-SDK-APP/pom.xml
+++ b/ONAP-SDK-APP/pom.xml
@@ -238,6 +238,16 @@
<type>jar</type>
</dependency>
<!-- SDK components -->
+ <!--
+ CLM security fix - force use of commons-collections 3.2.2.
+ Remove this if a new version of epsdk-core is upgraded
+ to not use esapi (and then subsequently commons-collections v3.2
+ -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-core</artifactId>
@@ -247,6 +257,10 @@
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>