Skip to content

Instantly share code, notes, and snippets.

@cgruber cgruber/pom.xml
Last active Sep 11, 2017

Embed
What would you like to do?
Download ZIP
Example enforcer rule to exclude commons-collections 3.2.1 from the build
Raw
pom.xml
<!-- Avoid the M.A.D. Gadget vulnerability in certain apache commons-collections versions -->
<project>
<!-- ... -->
<build>
<plugins>
<plugin>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<goals><goal>enforce</goal></goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>commons-collections:commons-collections:[3.0,3.2.1]</exclude>
<exclude>commons-collections:commons-collections:4.0</exclude>
</excludes>
</bannedDependencies>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
@TobiX

This comment has been minimized.

Sign in to view
Copy link

TobiX commented Sep 5, 2017
edited

Unfortunatly, the second exclude is wrong, since the GAV for commons-collections 4 is different from older versions. The correct syntax is:

 <exclude>org.apache.commons:commons-collections4:[4.0]</exclude>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.