You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2020/02/19 08:28:28 UTC

[ws-wss4j] branch master updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new b864066  WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
b864066 is described below

commit b86406645a518e5e80807f1840899067497916a0
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Feb 19 08:28:01 2020 +0000

    WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
---
 parent/pom.xml             |  1 +
 ws-security-common/pom.xml | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/parent/pom.xml b/parent/pom.xml
index 59afa41..fc73da0 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -34,6 +34,7 @@
     <properties>
         <bcprov.version>1.64</bcprov.version>
         <commons.compress.version>1.20</commons.compress.version>
+        <cryptacular.version>1.2.4</cryptacular.version>
         <ehcache.version>2.10.6</ehcache.version>
         <geronimo.javamail.version>1.8.4</geronimo.javamail.version>
         <hamcrest.version>2.2</hamcrest.version>
diff --git a/ws-security-common/pom.xml b/ws-security-common/pom.xml
index 0150577..139b623 100644
--- a/ws-security-common/pom.xml
+++ b/ws-security-common/pom.xml
@@ -135,9 +135,19 @@
                     <groupId>com.google.guava</groupId>
                     <artifactId>guava</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.cryptacular</groupId>
+                    <artifactId>cryptacular</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
+            <groupId>org.cryptacular</groupId>
+            <artifactId>cryptacular</artifactId>
+            <version>${cryptacular.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
             <version>27.1-jre</version>