changeset 8801:dece88059a36

(Issue1856) Exclude ACC 3.1, use 3.2.2 instead. ACC 3.2.2 closes a critical serealization weakness.
author Tom Gottfried <tom@intevation.de>
date Tue, 22 Dec 2015 11:22:06 +0100
parents 2aaf87bc3ea7
children a58cbb1b7371
files backend/pom-oracle.xml backend/pom.xml
diffstat 2 files changed, 28 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/backend/pom-oracle.xml	Thu Dec 17 18:34:28 2015 +0100
+++ b/backend/pom-oracle.xml	Tue Dec 22 11:22:06 2015 +0100
@@ -92,9 +92,23 @@
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
+      <!-- Add less unsave version of transitive hibernate dependency -->
+      <groupId>commons-collections</groupId>
+      <artifactId>commons-collections</artifactId>
+      <version>3.2.2</version>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
       <groupId>org.hibernate</groupId>
       <artifactId>hibernate-core</artifactId>
       <version>3.6.10.Final</version>
+      <exclusions>
+        <!-- exclude unsafe transitive dependency -->
+        <exclusion>
+          <groupId>commons-collections</groupId>
+          <artifactId>commons-collections</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.hibernate.javax.persistence</groupId>
--- a/backend/pom.xml	Thu Dec 17 18:34:28 2015 +0100
+++ b/backend/pom.xml	Tue Dec 22 11:22:06 2015 +0100
@@ -92,9 +92,23 @@
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
+      <!-- Add less unsave version of transitive hibernate dependency -->
+      <groupId>commons-collections</groupId>
+      <artifactId>commons-collections</artifactId>
+      <version>3.2.2</version>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
       <groupId>org.hibernate</groupId>
       <artifactId>hibernate-core</artifactId>
       <version>3.6.10.Final</version>
+      <exclusions>
+        <!-- exclude unsafe transitive dependency -->
+        <exclusion>
+          <groupId>commons-collections</groupId>
+          <artifactId>commons-collections</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.hibernate.javax.persistence</groupId>

http://dive4elements.wald.intevation.org