2 files changed, 11 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 86a66f4e..a0eee0e6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -55,6 +55,10 @@
       <artifactId>xmlsec</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.cryptacular</groupId>
+      <artifactId>cryptacular</artifactId>
+    </dependency>
+    <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
     </dependency>
diff --git a/pom.xml b/pom.xml
index c9f7309a..33588b5d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,6 +50,7 @@
     <org.springframework.version>5.2.8.RELEASE</org.springframework.version>
     <org.opensaml.version>3.4.5</org.opensaml.version>
     <org.apache.santuario.xmlsec.version>2.2.0</org.apache.santuario.xmlsec.version>
+    <org.cryptacular.version>1.2.4</org.cryptacular.version>
     <org.bouncycastle.bcprov-jdk15to18.version>1.67</org.bouncycastle.bcprov-jdk15to18.version>
     <org.bouncycastle.bctls-jdk15to18.version>1.67</org.bouncycastle.bctls-jdk15to18.version>
 
@@ -432,6 +433,12 @@
         <version>${org.apache.santuario.xmlsec.version}</version>
       </dependency>
       <dependency>
+        <!-- Set newer version, because 1.1.3 from openSAML dependency has an CVE-2020-7226 -->
+        <groupId>org.cryptacular</groupId>
+        <artifactId>cryptacular</artifactId>
+        <version>${org.cryptacular.version}</version>
+      </dependency>      
+      <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcprov-jdk15to18</artifactId>
         <version>${org.bouncycastle.bcprov-jdk15to18.version}</version>