You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2020/02/19 08:28:28 UTC
[ws-wss4j] branch master updated: WSS-665 - Add cryptacular
dependency and upgrade to 1.2.4 to fix CVE-2020-7226
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new b864066 WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
b864066 is described below
commit b86406645a518e5e80807f1840899067497916a0
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Feb 19 08:28:01 2020 +0000
WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
---
parent/pom.xml | 1 +
ws-security-common/pom.xml | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/parent/pom.xml b/parent/pom.xml
index 59afa41..fc73da0 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -34,6 +34,7 @@
<properties>
<bcprov.version>1.64</bcprov.version>
<commons.compress.version>1.20</commons.compress.version>
+ <cryptacular.version>1.2.4</cryptacular.version>
<ehcache.version>2.10.6</ehcache.version>
<geronimo.javamail.version>1.8.4</geronimo.javamail.version>
<hamcrest.version>2.2</hamcrest.version>
diff --git a/ws-security-common/pom.xml b/ws-security-common/pom.xml
index 0150577..139b623 100644
--- a/ws-security-common/pom.xml
+++ b/ws-security-common/pom.xml
@@ -135,9 +135,19 @@
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.cryptacular</groupId>
+ <artifactId>cryptacular</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
+ <groupId>org.cryptacular</groupId>
+ <artifactId>cryptacular</artifactId>
+ <version>${cryptacular.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>27.1-jre</version>