[PATCH] (Issue1856) Exclude ACC 3.1, use 3.2.2 instead

Wald Commits scm-commit at wald.intevation.org
Tue Dec 22 18:48:17 CET 2015 

# HG changeset patch
# User Tom Gottfried <tom at intevation.de>
# Date 1450779726 -3600
# Node ID dece88059a36bdd62e998b91fa74be4fd55555ef
# Parent  2aaf87bc3ea74fdcab3810cd30be5e833e1207f7
(Issue1856) Exclude ACC 3.1, use 3.2.2 instead.

ACC 3.2.2 closes a critical serealization weakness.

diff -r 2aaf87bc3ea7 -r dece88059a36 backend/pom-oracle.xml
--- a/backend/pom-oracle.xml	Thu Dec 17 18:34:28 2015 +0100
+++ b/backend/pom-oracle.xml	Tue Dec 22 11:22:06 2015 +0100
@@ -92,9 +92,23 @@
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
+      <!-- Add less unsave version of transitive hibernate dependency -->
+      <groupId>commons-collections</groupId>
+      <artifactId>commons-collections</artifactId>
+      <version>3.2.2</version>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
       <groupId>org.hibernate</groupId>
       <artifactId>hibernate-core</artifactId>
       <version>3.6.10.Final</version>
+      <exclusions>
+        <!-- exclude unsafe transitive dependency -->
+        <exclusion>
+          <groupId>commons-collections</groupId>
+          <artifactId>commons-collections</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.hibernate.javax.persistence</groupId>
diff -r 2aaf87bc3ea7 -r dece88059a36 backend/pom.xml
--- a/backend/pom.xml	Thu Dec 17 18:34:28 2015 +0100
+++ b/backend/pom.xml	Tue Dec 22 11:22:06 2015 +0100
@@ -92,9 +92,23 @@
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
+      <!-- Add less unsave version of transitive hibernate dependency -->
+      <groupId>commons-collections</groupId>
+      <artifactId>commons-collections</artifactId>
+      <version>3.2.2</version>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
       <groupId>org.hibernate</groupId>
       <artifactId>hibernate-core</artifactId>
       <version>3.6.10.Final</version>
+      <exclusions>
+        <!-- exclude unsafe transitive dependency -->
+        <exclusion>
+          <groupId>commons-collections</groupId>
+          <artifactId>commons-collections</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.hibernate.javax.persistence</groupId>

More information about the Dive4Elements-commits mailing list