CORE-17117: Force resolution of Commons Compress

corda · Oct 9, 2023 · ef1962b · ef1962b
1 parent 09fec81
commit ef1962b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/build.gradle b/build.gradle
@@ -17,13 +17,6 @@ buildscript {
                 because "required until dokka plugin updates it's internal version of jsoup, not fixed as of dokka 1.7.10"
             }
         }
-
-        classpath "org.apache.avro:avro:$avroVersion"
-        constraints {
-            classpath("org.apache.commons:commons-compress:$commonsCompressVersion") {
-                because "CVE-2023-42503, current version of Avro uses an outdated version"
-            }
-        }
     }
 }
 

diff --git a/data/avro-schema/build.gradle b/data/avro-schema/build.gradle
@@ -27,6 +27,13 @@ dependencies {
     compileOnly 'org.osgi:osgi.annotation'
 }
 
+configurations.all {
+    resolutionStrategy {
+        // CVE-2023-42503, current version of Avro uses an outdated version
+        force "org.apache.commons:commons-compress:$commonsCompressVersion"
+    }
+}
+
 description 'Data Model Definitions'
 
 def generatedAvroDir = layout.buildDirectory.dir('generated-avro')