[PPP-4182] Use of vulnerable component dom4j-1.6.1.jar CVE-2018-1000632

cube-js · Sep 22, 2018 · b520ea8 · b520ea8
1 parent f8a3eb5
commit b520ea8
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 11 deletions.
diff --git a/assemblies/psw-ce/pom.xml b/assemblies/psw-ce/pom.xml
@@ -24,7 +24,6 @@
     <pdi.version>8.2.0.0-SNAPSHOT</pdi.version>
     <commons-xul.version>8.2.0.0-SNAPSHOT</commons-xul.version>
     <mondrian-schemaworkbench-plugins.version>8.2.0.0-SNAPSHOT</mondrian-schemaworkbench-plugins.version>
-    <jaxen.version>1.1</jaxen.version>
   </properties>
   <dependencies>
     <dependency>
@@ -228,13 +227,6 @@
     <dependency>
       <groupId>jaxen</groupId>
       <artifactId>jaxen</artifactId>
-      <version>${jaxen.version}</version>
-      <exclusions>
-        <exclusion>
-          <artifactId>*</artifactId>
-          <groupId>*</groupId>
-        </exclusion>
-      </exclusions>
     </dependency>
 
     <!-- change bellow scope to runtime to include database drivers -->

diff --git a/mondrian/pom.xml b/mondrian/pom.xml
@@ -77,9 +77,8 @@
       <version>${commons-vfs2.version}</version>
     </dependency>
     <dependency>
-      <groupId>dom4j</groupId>
+      <groupId>org.dom4j</groupId>
       <artifactId>dom4j</artifactId>
-      <version>${dom4j.version}</version>
     </dependency>
     <dependency>
       <groupId>javax.validation</groupId>

diff --git a/pom.xml b/pom.xml
@@ -39,7 +39,6 @@
     <mockito-all.version>1.9.5</mockito-all.version>
     <commons-dbcp.version>1.2.1</commons-dbcp.version>
     <olap4j-xmlaserver.version>1.2.0</olap4j-xmlaserver.version>
-    <dom4j.version>1.6.1</dom4j.version>
     <dependency.postgres.revision>42.1.1</dependency.postgres.revision>
     <commons-logging.version>1.1.1</commons-logging.version>
     <eigenbase-xom.version>1.3.5</eigenbase-xom.version>