ATS-534 : Security - Vulnerability in Quartz - CVE-2019-13990

- publish SNAPSHOT artifacts from the master branch
- exclude quartz dependency from tika-parsers

_ci/build.sh

@@ -8,8 +8,11 @@ pushd "$(dirname "${BASH_SOURCE[0]}")/../"
 # Always build the image, but only publish from the "master" branch
 [ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ] && PROFILE="internal" || PROFILE="local"
 
+# If the branch is "master" and the commit is not a Pull Request then deploy the JAR SNAPSHOT artifacts
+[ "${TRAVIS_PULL_REQUEST}" = "false" ] && [ "${TRAVIS_BRANCH}" = "master" ] && DEPLOY="deploy" || DEPLOY="install"
+
 mvn -B -U \
-    clean install \
+    clean ${DEPLOY} \
     -DadditionalOption=-Xdoclint:none -Dmaven.javadoc.skip=true \
     "-P${PROFILE},docker-it-setup"
 

alfresco-docker-tika/pom.xml

@@ -75,6 +75,11 @@
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>bcmail-jdk15on</artifactId>
                 </exclusion>
+                <!-- TODO ATS-534 check transformations not affected by this missing quartz lib -->
+                <exclusion>
+                    <groupId>org.quartz-scheduler</groupId>
+                    <artifactId>quartz</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>