<parent>
<groupId>org.opendaylight.odlparent</groupId>
<artifactId>single-feature-parent</artifactId>
- <version>6.0.6-SNAPSHOT</version>
+ <version>13.1.1</version>
<relativePath>../../single-feature-parent</relativePath>
</parent>
<name>ODL :: odlparent :: ${project.artifactId}</name>
<packaging>kar</packaging>
+ <properties>
+ <pax.jdbc.version>1.5.7</pax.jdbc.version>
+ </properties>
+
<dependencies>
<dependency>
- <groupId>org.apache.karaf.features</groupId>
- <artifactId>enterprise</artifactId>
- <version>${karaf.version}</version>
+ <groupId>org.ops4j.pax.jdbc</groupId>
+ <artifactId>pax-jdbc-features</artifactId>
+ <version>${pax.jdbc.version}</version>
<classifier>features</classifier>
+ <exclusions>
+ <!--
+ Exclude Derby version 10.14.2.0 due to the vulnerability:
+ https://nvd.nist.gov/vuln/detail/CVE-2022-46337
+ for which there are no upstream builds we can use.
+
+ FIXME: ODLPARENT-311: Re-enable this when we require Java 21 runtime and upgrade to Derby 10.17.1.0+
+ -->
+ <exclusion>
+ <groupId>org.ops4j.pax.jdbc</groupId>
+ <artifactId>pax-jdbc-derby</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.ops4j.pax.jdbc</groupId>
+ <artifactId>pax-jdbc-derbyclient</artifactId>
+ </exclusion>
+ </exclusions>
<type>xml</type>
<scope>runtime</scope>
</dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.jdbc</artifactId>
+ <scope>compile</scope>
+ </dependency>
<dependency>
<groupId>org.apache.karaf.jdbc</groupId>
<artifactId>org.apache.karaf.jdbc.core</artifactId>
- <version>${karaf.version}</version>
- <scope>provided</scope>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.utils</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.karaf</groupId>
+ <artifactId>org.apache.karaf.util</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.karaf.jaas</groupId>
+ <artifactId>org.apache.karaf.jaas.boot</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>