Posted to commits@tomee.apache.org by rz...@apache.org on 2022/07/27 08:26:20 UTC
[tomee] 03/04: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690
This is an automated email from the ASF dual-hosted git repository.
rzo1 pushed a commit to branch tomee-7.1.x
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 616f14ef9de415bda787512a0cbce72016cadb00
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Wed Sep 22 15:02:11 2021 +0200
Update xmlsec to 2.2.3 to mitigate CVE-2021-40690
(cherry picked from commit 0fca7230c50775ccfd517c9663a1cd89e77b5bb2)
---
pom.xml | 2 +-
server/openejb-cxf/pom.xml | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 90655c16c8..6d54cb60ad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1421,7 +1421,7 @@
<dependency>
<artifactId>xmlsec</artifactId>
<groupId>org.apache.santuario</groupId>
- <version>2.0.6</version>
+ <version>2.2.3</version>
</dependency>
<dependency>
<groupId>wsdl4j</groupId>
diff --git a/server/openejb-cxf/pom.xml b/server/openejb-cxf/pom.xml
index 48e5ec780c..2acb6edbb6 100644
--- a/server/openejb-cxf/pom.xml
+++ b/server/openejb-cxf/pom.xml
@@ -59,11 +59,20 @@
<groupId>wsdl4j</groupId>
<artifactId>wsdl4j</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>2.2.3</version>
+ </dependency>
<dependency>
<groupId>org.apache.wss4j</groupId>
<artifactId>wss4j-ws-security-dom</artifactId>
<version>${wss4j.version}</version>
<exclusions>
+ <exclusion>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ </exclusion>
<exclusion>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-javamail_1.4_spec</artifactId>
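Review bot: The added xmlsec dependency in server/openejb-cxf/pom.xml hard-codes `<version>2.2.3</version>`, duplicating the version this commit also sets in the root pom.xml. The next security bump therefore has to be made in two places, and missing one would leave this module resolving a different xmlsec than the rest of the build. If the root entry sits in `<dependencyManagement>` (not visible in the hunk), the module can drop its `<version>` line and inherit the managed one; otherwise both poms should reference a single shared version property. Because the exclusion removes the xmlsec that `wss4j-ws-security-dom` at `${wss4j.version}` was built against, it is worth confirming that this wss4j line supports xmlsec 2.2.x, and checking with `mvn dependency:tree -Dincludes=org.apache.santuario:xmlsec` that only 2.2.3 is resolved. The `<exclusions>` list continues past the end of the hunk.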