summaryrefslogtreecommitdiff
path: root/pom.xml
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-09 15:36:45 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-09 15:36:45 +0100
commit39f94caf86e054b2485beeae09c4947d75b017c1 (patch)
tree803a4477f6eab37fc38ff6c1462e7a19cc99a11e /pom.xml
parenta126c249b8ed83dce4386331a49d04a42b53e448 (diff)
downloadEAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.tar.gz
EAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.tar.bz2
EAAF-Components-39f94caf86e054b2485beeae09c4947d75b017c1.zip
update third-party lib org.cryptacular to v 1.2.4 because openSAML 3.4.5 includes v1.1.3 with CVE-2020-7226
Diffstat (limited to 'pom.xml')
-rw-r--r--pom.xml7
1 files changed, 7 insertions, 0 deletions
diff --git a/pom.xml b/pom.xml
index c9f7309a..33588b5d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,6 +50,7 @@
<org.springframework.version>5.2.8.RELEASE</org.springframework.version>
<org.opensaml.version>3.4.5</org.opensaml.version>
<org.apache.santuario.xmlsec.version>2.2.0</org.apache.santuario.xmlsec.version>
+ <org.cryptacular.version>1.2.4</org.cryptacular.version>
<org.bouncycastle.bcprov-jdk15to18.version>1.67</org.bouncycastle.bcprov-jdk15to18.version>
<org.bouncycastle.bctls-jdk15to18.version>1.67</org.bouncycastle.bctls-jdk15to18.version>
@@ -432,6 +433,12 @@
<version>${org.apache.santuario.xmlsec.version}</version>
</dependency>
<dependency>
+ <!-- Set newer version, because 1.1.3 from openSAML dependency has an CVE-2020-7226 -->
+ <groupId>org.cryptacular</groupId>
+ <artifactId>cryptacular</artifactId>
+ <version>${org.cryptacular.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15to18</artifactId>
<version>${org.bouncycastle.bcprov-jdk15to18.version}</version>