diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-09 15:36:45 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-09 15:36:45 +0100 |
commit | 39f94caf86e054b2485beeae09c4947d75b017c1 (patch) | |
tree | 803a4477f6eab37fc38ff6c1462e7a19cc99a11e | |
parent | a126c249b8ed83dce4386331a49d04a42b53e448 (diff) | |
download | EAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.tar.gz EAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.tar.bz2 EAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.zip |
update third-party lib org.cryptacular to v 1.2.4 because openSAML 3.4.5 includes v1.1.3 with CVE-2020-7226
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/pom.xml | 4 | ||||
-rw-r--r-- | pom.xml | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 86a66f4e..a0eee0e6 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -55,6 +55,10 @@ <artifactId>xmlsec</artifactId> </dependency> <dependency> + <groupId>org.cryptacular</groupId> + <artifactId>cryptacular</artifactId> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15to18</artifactId> </dependency> @@ -50,6 +50,7 @@ <org.springframework.version>5.2.8.RELEASE</org.springframework.version> <org.opensaml.version>3.4.5</org.opensaml.version> <org.apache.santuario.xmlsec.version>2.2.0</org.apache.santuario.xmlsec.version> + <org.cryptacular.version>1.2.4</org.cryptacular.version> <org.bouncycastle.bcprov-jdk15to18.version>1.67</org.bouncycastle.bcprov-jdk15to18.version> <org.bouncycastle.bctls-jdk15to18.version>1.67</org.bouncycastle.bctls-jdk15to18.version> @@ -432,6 +433,12 @@ <version>${org.apache.santuario.xmlsec.version}</version> </dependency> <dependency> + <!-- Set newer version, because 1.1.3 from openSAML dependency has an CVE-2020-7226 --> + <groupId>org.cryptacular</groupId> + <artifactId>cryptacular</artifactId> + <version>${org.cryptacular.version}</version> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15to18</artifactId> <version>${org.bouncycastle.bcprov-jdk15to18.version}</version> |