ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [ws-wss4j] branch 2_2_x-fixes updated: WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
Date Wed, 19 Feb 2020 08:31:27 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_2_x-fixes
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/2_2_x-fixes by this push:
     new c14f2b1  WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
c14f2b1 is described below

commit c14f2b1192122605c6605495cc64b821c382e420
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed Feb 19 08:28:01 2020 +0000

    WSS-665 - Add cryptacular dependency and upgrade to 1.2.4 to fix CVE-2020-7226
---
 parent/pom.xml             |  1 +
 ws-security-common/pom.xml | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/parent/pom.xml b/parent/pom.xml
index 1b7df17..c87181b 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -34,6 +34,7 @@
     <properties>
         <bcprov.version>1.64</bcprov.version>
         <commons.compress.version>1.20</commons.compress.version>
+        <cryptacular.version>1.2.4</cryptacular.version>
         <ehcache.version>2.10.6</ehcache.version>
         <geronimo.javamail.version>1.8.4</geronimo.javamail.version>
         <jasypt.version>1.9.3</jasypt.version>
diff --git a/ws-security-common/pom.xml b/ws-security-common/pom.xml
index a792e34..d565230 100644
--- a/ws-security-common/pom.xml
+++ b/ws-security-common/pom.xml
@@ -131,9 +131,19 @@
                     <groupId>com.google.code.findbugs</groupId>
                     <artifactId>jsr305</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.cryptacular</groupId>
+                    <artifactId>cryptacular</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
+            <groupId>org.cryptacular</groupId>
+            <artifactId>cryptacular</artifactId>
+            <version>${cryptacular.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
             <groupId>org.opensaml</groupId>
             <artifactId>opensaml-xacml-impl</artifactId>
             <version>${opensaml.version}</version>


Mime
View raw message