Add enforce-victims-rule to prevent shipping with vulnerable dependen…

…cies - Exclude httpclient from fcrepo-integration-ldp project. Resolves: https://www.pivotaltracker.com/story/show/72875022
fcrepo · Oct 17, 2014 · 2a18f12 · 2a18f12
1 parent 91c464d
commit 2a18f12
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/fcrepo-integration-ldp/pom.xml b/fcrepo-integration-ldp/pom.xml
@@ -159,6 +159,10 @@
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
          </exclusion>
+         <exclusion>
+           <groupId>commons-httpclient</groupId>
+           <artifactId>commons-httpclient</artifactId>
+         </exclusion>
        </exclusions>
      </dependency>
      <dependency>
@@ -175,4 +179,4 @@
      </dependency>
   </dependencies>
 
-</project>
+</project>
diff --git a/pom.xml b/pom.xml
@@ -846,6 +846,14 @@
       <plugin>
         <artifactId>maven-enforcer-plugin</artifactId>
         <version>1.3</version>
+        <dependencies>
+          <dependency>
+            <groupId>com.redhat.victims</groupId>
+            <artifactId>enforce-victims-rule</artifactId>
+            <version>1.3.4</version>
+            <type>jar</type>
+          </dependency>
+        </dependencies>
         <executions>
           <execution>
             <goals>
@@ -877,6 +885,21 @@
               </rules>
             </configuration>
           </execution>
+          <execution>
+            <id>enforce-victims-rule</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <rule implementation="com.redhat.victims.VictimsRule">
+                  <metadata>fatal</metadata>
+                  <fingerprint>fatal</fingerprint>
+                  <updates>daily</updates>
+                </rule>
+              </rules>
+            </configuration>
+          </execution>
         </executions>
       </plugin>
       <plugin>