  1. Policy Framework
  2. POLICY-700

Remove nexus-rest-client-java dependency


    • Type: Task
    • Resolution: Done
    • Priority: High
    • Beijing Release

      BRMSGateway uses a dependency that is 7 years old and is no longer being maintained:

      https://groups.google.com/a/glists.sonatype.com/forum/#!topic/nexus-users/cGbTrUJGEmQ

      <!--
      CLM security fix - force use of commons-collections 3.2.2.
      Remove this if a new version of nexus-rest-client-java is upgraded
      to not use velocity (and then subsequently commons-collections v3.1
      -->
      <dependency>
          <groupId>commons-collections</groupId>
          <artifactId>commons-collections</artifactId>
          <version>3.2.2</version>
      </dependency>
      <dependency>
          <groupId>org.sonatype.nexus</groupId>
          <artifactId>nexus-rest-client-java</artifactId>
          <version>2.3.1-01</version>
          <exclusions>
              <exclusion>
                  <groupId>commons-collections</groupId>
                  <artifactId>commons-collections</artifactId>
              </exclusion>
          </exclusions>
      </dependency>

      This dependency uses several old Apache Commons libraries that have security issues in them. Commons-collections could be overridden, but httpclient could not.

            liamfallon
            pdragosh
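The override pattern quoted in the ticket (exclude the transitive commons-collections, then declare 3.2.2 directly) can be checked mechanically. The following Python sketch is an added example, not code from the Policy Framework project; the function names, status strings and the `FLOORS` table are assumptions made for illustration, and the embedded XML is a constructed copy of the ticket's fragment.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two <dependency> entries quoted in the ticket.
POM_FRAGMENT = """<dependencies>
  <dependency>
    <groupId>commons-collections</groupId>
    <artifactId>commons-collections</artifactId>
    <version>3.2.2</version>
  </dependency>
  <dependency>
    <groupId>org.sonatype.nexus</groupId>
    <artifactId>nexus-rest-client-java</artifactId>
    <version>2.3.1-01</version>
    <exclusions><exclusion>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
    </exclusion></exclusions>
  </dependency>
</dependencies>"""

# Minimum acceptable versions; 3.2.2 is the version the ticket's comment forces.
FLOORS = {("commons-collections", "commons-collections"): "3.2.2"}

def coords(elem):
    return (elem.findtext("groupId", "").strip(), elem.findtext("artifactId", "").strip())

def version_key(version):
    # Simplification: compare numeric components only, not Maven's full ordering.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit_overrides(pom_xml, floors=FLOORS):
    """For each exclusion, report whether the excluded artifact is re-declared at/above its floor."""
    root = ET.fromstring(pom_xml)
    for el in list(root.iter()):          # drop the Maven namespace if present
        el.tag = el.tag.rsplit("}", 1)[-1]
    deps = list(root.iter("dependency"))
    direct = {coords(d): d.findtext("version", "").strip() for d in deps}
    findings = []
    for dep in deps:
        for ex in dep.findall("exclusions/exclusion"):
            key, pinned = coords(ex), direct.get(coords(ex))
            if pinned is None:
                status = "excluded-not-redeclared"
            elif not pinned:
                status = "version-not-in-this-file"
            elif key in floors and version_key(pinned) < version_key(floors[key]):
                status = "pinned-below-floor"
            else:
                status = "pinned-ok"
            findings.append((":".join(coords(dep)), ":".join(key), pinned, status))
    return findings
```

The check reads only the declared POM; the versions Maven actually resolves for other transitive libraries still have to be confirmed from the resolved dependency tree.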