excluded transitive dependency to commons-fileupload version 1.3 and added dependency to commons-fileupload 1.3.1 to address security issue in older versions of commons-fileupload git-svn-id: https://svn.apache.org/repos/asf/struts/sandbox/trunk@1571052 13f79535-47bb-0310-9956-ffa450edef68

commit: 67d9f1b0841509e5d5226b5b7c71baec34e6671a [log] [tgz]
author: Bruce Allen Phillips <bphillips@apache.org> Sun Feb 23 18:37:22 2014 +0000
committer: Bruce Allen Phillips <bphillips@apache.org> Sun Feb 23 18:37:22 2014 +0000
tree: 24167c42c8e1e22bb3243fc4d531f3c05c65925a
parent: b2c7ab297d6c35ef2d3fb8a477b4937a6a5a1fde [diff]
diff --git a/struts2examples/pom.xml b/struts2examples/pom.xml
index fadea14..bdbf636 100644
--- a/struts2examples/pom.xml
+++ b/struts2examples/pom.xml

@@ -1,99 +1,111 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>struts.apache.org</groupId>
-	<artifactId>struts2examples</artifactId>
-	<version>1.0.0</version>
-	<packaging>pom</packaging>
-	<name>Struts 2 Examples</name>
-	<description>
-	  This is the parent pom for the Struts 2 examples that
-	  go with the Struts 2 Getting Started series of tutorials.
-  </description>
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>struts.apache.org</groupId>
+    <artifactId>struts2examples</artifactId>
+    <version>1.0.0</version>
+    <packaging>pom</packaging>
+    <name>Struts 2 Examples</name>
+    <description>
+        This is the parent pom for the Struts 2 examples that
+        go with the Struts 2 Getting Started series of tutorials.
+    </description>
 
-	<properties>
+    <properties>
 
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-		<struts2.version>2.3.16</struts2.version>
+        <struts2.version>2.3.16</struts2.version>
 
-		<log4j.version>1.2.17</log4j.version>
+        <log4j.version>1.2.17</log4j.version>
 
-	</properties>
+    </properties>
 
-	<developers>
-		<developer>
-			<id>bphillips</id>
-			<name>Bruce Phillips</name>
-			<email>bphillips@ku.edu</email>
-			<organization>Apache Struts 2 Committer</organization>
-			<roles>
-				<role>Committer</role>
-			</roles>
-		</developer>
-	</developers>
+    <developers>
+        <developer>
+            <id>bphillips</id>
+            <name>Bruce Phillips</name>
+            <email>bphillips@ku.edu</email>
+            <organization>Apache Struts 2 Committer</organization>
+            <roles>
+                <role>Committer</role>
+            </roles>
+        </developer>
+    </developers>
 
-	<modules>
-		<module>basic_struts</module>
-		<module>helloworld</module>
-		<module>using_tags</module>
-		<module>coding_actions</module>
-		<module>form_processing</module>
-		<module>form_validation</module>
-		<module>message_resource</module>
-		<module>exception_handling</module>
-		<module>debugging_struts</module>
-		<module>form_tags</module>
-		<module>form_xml_validation</module>
-		<module>control_tags</module>
-		<module>wildcard_method_selection</module>
-		<module>themes</module>
-		<module>spring_struts</module>
-		<module>annotations</module>
-		<module>interceptors</module>
-		<module>unit_testing</module>
-		<module>http_session</module>
-		<module>preparable_interface</module>
-		<module>exclude_parameters</module>
-		<module>restful2actionmapper</module>
-		<module>bean_validation</module>
-	</modules>
+    <modules>
+        <module>basic_struts</module>
+        <module>helloworld</module>
+        <module>using_tags</module>
+        <module>coding_actions</module>
+        <module>form_processing</module>
+        <module>form_validation</module>
+        <module>message_resource</module>
+        <module>exception_handling</module>
+        <module>debugging_struts</module>
+        <module>form_tags</module>
+        <module>form_xml_validation</module>
+        <module>control_tags</module>
+        <module>wildcard_method_selection</module>
+        <module>themes</module>
+        <module>spring_struts</module>
+        <module>annotations</module>
+        <module>interceptors</module>
+        <module>unit_testing</module>
+        <module>http_session</module>
+        <module>preparable_interface</module>
+        <module>exclude_parameters</module>
+        <module>restful2actionmapper</module>
+        <module>bean_validation</module>
+    </modules>
 
 
 
-	<dependencies>
+    <dependencies>
 
-		<dependency>
-			<groupId>org.apache.struts</groupId>
-			<artifactId>struts2-core</artifactId>
-			<version>${struts2.version}</version>
-		</dependency>
+        <dependency>
+            <groupId>org.apache.struts</groupId>
+            <artifactId>struts2-core</artifactId>
+            <version>${struts2.version}</version>
+            <exclusions>
+                <exclusion>  <!-- exclude the transitive dependency to older version of commons-fileupload due to security issue -->
+                    <groupId>commons-fileupload</groupId>
+                    <artifactId>commons-fileupload</artifactId>
+                </exclusion>
+            </exclusions>                        
+        </dependency>
 
-		<dependency>
-			<groupId>log4j</groupId>
-			<artifactId>log4j</artifactId>
-			<version>${log4j.version}</version>
-		</dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${log4j.version}</version>
+        </dependency>
+        
+        <dependency> <!--explicitly include dependency on new version of commons-fileupload that fixes security issue-->
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.3.1</version>
+        </dependency>
 
-	</dependencies>
+    </dependencies>
 
 
 
-	<build>
+    <build>
 
 
 
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<version>2.3.2</version>
-				<configuration>
-					<source>1.7</source>
-					<target>1.7</target>
-				</configuration>
-			</plugin>
-		</plugins>
-	</build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>
commit	67d9f1b0841509e5d5226b5b7c71baec34e6671a	[log] [tgz]
author	Bruce Allen Phillips <bphillips@apache.org>	Sun Feb 23 18:37:22 2014 +0000
committer	Bruce Allen Phillips <bphillips@apache.org>	Sun Feb 23 18:37:22 2014 +0000
tree	24167c42c8e1e22bb3243fc4d531f3c05c65925a
parent	b2c7ab297d6c35ef2d3fb8a477b4937a6a5a1fde [diff]