MODHAADM-37 exclude commons-beanutils, remove commons-digester (#107)

- common-beanutils dependency brought in by masterkey-common and commons-digester, it has arbitrary code execution vulnerability CVE-2014-0114. It appears to be unused.
indexdata · Oct 23, 2024 · 0fa58f4 · 0fa58f4
1 parent cd0c649
commit 0fa58f4
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/harvester-admin/pom.xml b/harvester-admin/pom.xml
@@ -65,11 +65,6 @@
       <version>1.0</version>
       <scope>provided</scope>
     </dependency>
-    <dependency>
-      <groupId>commons-digester</groupId>
-      <artifactId>commons-digester</artifactId>
-      <version>1.5</version>
-    </dependency>
     <dependency>
       <groupId>javax.el</groupId>
       <artifactId>el-api</artifactId>

diff --git a/pom.xml b/pom.xml
@@ -133,6 +133,10 @@
           <groupId>log4j</groupId>
           <artifactId>log4j</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <!-- bump the version of the masterkey-common dependency -->