excluded transitive dependency to commons-fileupload version 1.3 and added dependency to commons-fileupload 1.3.1 to address security issue in older versions of commons-fileupload
git-svn-id: https://svn.apache.org/repos/asf/struts/sandbox/trunk@1571052 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/struts2examples/pom.xml b/struts2examples/pom.xml
index fadea14..bdbf636 100644
--- a/struts2examples/pom.xml
+++ b/struts2examples/pom.xml
@@ -1,99 +1,111 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>struts.apache.org</groupId>
- <artifactId>struts2examples</artifactId>
- <version>1.0.0</version>
- <packaging>pom</packaging>
- <name>Struts 2 Examples</name>
- <description>
- This is the parent pom for the Struts 2 examples that
- go with the Struts 2 Getting Started series of tutorials.
- </description>
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>struts.apache.org</groupId>
+ <artifactId>struts2examples</artifactId>
+ <version>1.0.0</version>
+ <packaging>pom</packaging>
+ <name>Struts 2 Examples</name>
+ <description>
+ This is the parent pom for the Struts 2 examples that
+ go with the Struts 2 Getting Started series of tutorials.
+ </description>
- <properties>
+ <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <struts2.version>2.3.16</struts2.version>
+ <struts2.version>2.3.16</struts2.version>
- <log4j.version>1.2.17</log4j.version>
+ <log4j.version>1.2.17</log4j.version>
- </properties>
+ </properties>
- <developers>
- <developer>
- <id>bphillips</id>
- <name>Bruce Phillips</name>
- <email>bphillips@ku.edu</email>
- <organization>Apache Struts 2 Committer</organization>
- <roles>
- <role>Committer</role>
- </roles>
- </developer>
- </developers>
+ <developers>
+ <developer>
+ <id>bphillips</id>
+ <name>Bruce Phillips</name>
+ <email>bphillips@ku.edu</email>
+ <organization>Apache Struts 2 Committer</organization>
+ <roles>
+ <role>Committer</role>
+ </roles>
+ </developer>
+ </developers>
- <modules>
- <module>basic_struts</module>
- <module>helloworld</module>
- <module>using_tags</module>
- <module>coding_actions</module>
- <module>form_processing</module>
- <module>form_validation</module>
- <module>message_resource</module>
- <module>exception_handling</module>
- <module>debugging_struts</module>
- <module>form_tags</module>
- <module>form_xml_validation</module>
- <module>control_tags</module>
- <module>wildcard_method_selection</module>
- <module>themes</module>
- <module>spring_struts</module>
- <module>annotations</module>
- <module>interceptors</module>
- <module>unit_testing</module>
- <module>http_session</module>
- <module>preparable_interface</module>
- <module>exclude_parameters</module>
- <module>restful2actionmapper</module>
- <module>bean_validation</module>
- </modules>
+ <modules>
+ <module>basic_struts</module>
+ <module>helloworld</module>
+ <module>using_tags</module>
+ <module>coding_actions</module>
+ <module>form_processing</module>
+ <module>form_validation</module>
+ <module>message_resource</module>
+ <module>exception_handling</module>
+ <module>debugging_struts</module>
+ <module>form_tags</module>
+ <module>form_xml_validation</module>
+ <module>control_tags</module>
+ <module>wildcard_method_selection</module>
+ <module>themes</module>
+ <module>spring_struts</module>
+ <module>annotations</module>
+ <module>interceptors</module>
+ <module>unit_testing</module>
+ <module>http_session</module>
+ <module>preparable_interface</module>
+ <module>exclude_parameters</module>
+ <module>restful2actionmapper</module>
+ <module>bean_validation</module>
+ </modules>
- <dependencies>
+ <dependencies>
- <dependency>
- <groupId>org.apache.struts</groupId>
- <artifactId>struts2-core</artifactId>
- <version>${struts2.version}</version>
- </dependency>
+ <dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-core</artifactId>
+ <version>${struts2.version}</version>
+ <exclusions>
+ <exclusion> <!-- exclude the transitive dependency to older version of commons-fileupload due to security issue -->
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>${log4j.version}</version>
- </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+
+ <dependency> <!--explicitly include dependency on new version of commons-fileupload that fixes security issue-->
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.1</version>
+ </dependency>
- </dependencies>
+ </dependencies>
- <build>
+ <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>2.3.2</version>
- <configuration>
- <source>1.7</source>
- <target>1.7</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.3.2</version>
+ <configuration>
+ <source>1.7</source>
+ <target>1.7</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>