From ae805bd717047d124df9f8036bdd455886285462 Mon Sep 17 00:00:00 2001
From: Matthias Sohn <matthias.sohn@sap.com>
Date: Wed, 28 Nov 2018 19:26:55 +0100
Subject: [PATCH] Update Apache commons compress to 1.18.0

to consume fix for vulnerability [1] in Apache commons compress which is
fixed in version 1.18.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324

CQ: 18320
Change-Id: I39b1d815e5b8e0208600afafe7a72bb603d04fb8
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
---
 WORKSPACE | 4 ++--
 pom.xml   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/WORKSPACE b/WORKSPACE
index 008eeb9a9..66bdd67cb 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -96,8 +96,8 @@ maven_jar(
 
 maven_jar(
     name = "commons-compress",
-    artifact = "org.apache.commons:commons-compress:1.15",
-    sha1 = "b686cd04abaef1ea7bc5e143c080563668eec17e",
+    artifact = "org.apache.commons:commons-compress:1.18",
+    sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
 )
 
 maven_jar(
diff --git a/pom.xml b/pom.xml
index aacdd65d4..4c29b621f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -205,7 +205,7 @@
     <junit-version>4.12</junit-version>
     <test-fork-count>1C</test-fork-count>
     <args4j-version>2.33</args4j-version>
-    <commons-compress-version>1.15</commons-compress-version>
+    <commons-compress-version>1.18</commons-compress-version>
     <osgi-core-version>4.3.1</osgi-core-version>
     <servlet-api-version>3.1.0</servlet-api-version>
     <jetty-version>9.4.11.v20180605</jetty-version>