From 8c09e7fbee0f8e1bc5e1c6e89e2aaf6fa4bec7a5 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 20 Oct 2022 15:20:03 +0200
Subject: chore(core): update third-party libs

include commons-text-1.10.0 to fix CVE-2022-42889
---
 pom.xml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'pom.xml')
diff --git a/pom.xml b/pom.xml
index 9c3324b3..bcfc25f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,30 +25,31 @@
     <!-- ===================================================================== -->
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
-    <eaaf-core.version>1.3.4</eaaf-core.version>
+    <eaaf-core.version>1.3.7</eaaf-core.version>
 
     <spring-boot-starter-web.version>2.5.14</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.7.4</spring-boot-admin-starter-client.version>
     <org.springframework.version>5.3.23</org.springframework.version>
     <org.thymeleaf-spring5.version>3.0.15.RELEASE</org.thymeleaf-spring5.version>
-    <apache.cxf.version>3.5.3</apache.cxf.version>
+    <apache.cxf.version>3.5.4</apache.cxf.version>
     
     <eidas-ref.version>2.6.0</eidas-ref.version>
 
     <org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
-    <org.apache.commons-text.version>1.9</org.apache.commons-text.version>
+    <org.apache.commons-text.version>1.10.0</org.apache.commons-text.version>
     <commons-collections4.version>4.4</commons-collections4.version>
 
     <commons-io.version>2.11.0</commons-io.version>
     <com.google.guava.version>31.1-jre</com.google.guava.version>
     <joda-time.version>2.11.2</joda-time.version>
     <jackson.version>2.13.4</jackson.version>
+    <jackson-databind>2.13.4.2</jackson-databind>
     <jackson-datatype-jsr310.version>2.13.4</jackson-datatype-jsr310.version>
     <jackson-databind-nullable.version>0.2.3</jackson-databind-nullable.version>
     <swagger-parser.version>2.1.3</swagger-parser.version>
     
     <org.slf4j.version>1.7.36</org.slf4j.version>
-    <log4j.version>2.18.0</log4j.version>    
+    <log4j.version>2.19.0</log4j.version>    
     <ch.qos.logback.version>1.2.11</ch.qos.logback.version>
            
     <!-- for code generation -->
@@ -88,7 +89,7 @@
 
 
     <!-- Build and assembly -->
-    <org.projectlombok.lombok.version>1.18.20</org.projectlombok.lombok.version>
+    <org.projectlombok.lombok.version>1.18.24</org.projectlombok.lombok.version>
     <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
     <versions-maven-plugin.version>2.8.1</versions-maven-plugin.version>
     <license-maven-plugin>1.20</license-maven-plugin>
@@ -420,7 +421,7 @@
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-databind</artifactId>
-        <version>${jackson.version}</version>
+        <version>${jackson-databind}</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.datatype</groupId>
-- 
cgit v1.2.3

