From 39f94caf86e054b2485beeae09c4947d75b017c1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 9 Dec 2020 15:36:45 +0100 Subject: update third-party lib org.cryptacular to v 1.2.4 because openSAML 3.4.5 includes v1.1.3 with CVE-2020-7226 --- eaaf_modules/eaaf_module_pvp2_core/pom.xml | 4 ++++ pom.xml | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 86a66f4e..a0eee0e6 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -54,6 +54,10 @@ org.apache.santuario xmlsec + + org.cryptacular + cryptacular + org.bouncycastle bcprov-jdk15to18 diff --git a/pom.xml b/pom.xml index c9f7309a..33588b5d 100644 --- a/pom.xml +++ b/pom.xml @@ -50,6 +50,7 @@ 5.2.8.RELEASE 3.4.5 2.2.0 + 1.2.4 1.67 1.67 @@ -431,6 +432,12 @@ xmlsec ${org.apache.santuario.xmlsec.version} + + + org.cryptacular + cryptacular + ${org.cryptacular.version} + org.bouncycastle bcprov-jdk15to18 -- cgit v1.2.3