Create a gist now

Instantly share code, notes, and snippets.

@cgruber /pom.xml
Last active Mar 9, 2017

Example enforcer rule to exclude commons-collections 3.2.1 from the build
<!-- Avoid the M.A.D. Gadget vulnerability in certain apache commons-collections versions -->
<project>
<!-- ... -->
<build>
<plugins>
<plugin>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<goals><goal>enforce</goal></goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>commons-collections:commons-collections:[3.0,3.2.1]</exclude>
<exclude>commons-collections:commons-collections:4.0</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment