This is an automated email from the ASF dual-hosted git repository. jgallimore pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 0fca7230c50775ccfd517c9663a1cd89e77b5bb2 Author: Jonathan Gallimore <[email protected]> AuthorDate: Wed Sep 22 14:02:11 2021 +0100 Update xmlsec to 2.2.3 to mitigate CVE-2021-40690 --- boms/tomee-microprofile/pom.xml | 2 +- boms/tomee-plume/pom.xml | 2 +- boms/tomee-plus/pom.xml | 2 +- pom.xml | 2 +- server/openejb-cxf/pom.xml | 11 ++++++++++- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/boms/tomee-microprofile/pom.xml b/boms/tomee-microprofile/pom.xml index c0fe145..b477597 100644 --- a/boms/tomee-microprofile/pom.xml +++ b/boms/tomee-microprofile/pom.xml @@ -851,7 +851,7 @@ <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> - <version>2.2.1</version> + <version>2.2.3</version> <exclusions> <exclusion> <artifactId>*</artifactId> diff --git a/boms/tomee-plume/pom.xml b/boms/tomee-plume/pom.xml index 8849e5f..edb43dc 100644 --- a/boms/tomee-plume/pom.xml +++ b/boms/tomee-plume/pom.xml @@ -906,7 +906,7 @@ <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> - <version>2.2.1</version> + <version>2.2.3</version> <exclusions> <exclusion> <artifactId>*</artifactId> diff --git a/boms/tomee-plus/pom.xml b/boms/tomee-plus/pom.xml index 00b02c9..f643da5 100644 --- a/boms/tomee-plus/pom.xml +++ b/boms/tomee-plus/pom.xml @@ -972,7 +972,7 @@ <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> - <version>2.2.1</version> + <version>2.2.3</version> <exclusions> <exclusion> <artifactId>*</artifactId> diff --git a/pom.xml b/pom.xml index 4bdbf90..2f11e29 100644 --- a/pom.xml +++ b/pom.xml @@ -1585,7 +1585,7 @@ <dependency> <artifactId>xmlsec</artifactId> <groupId>org.apache.santuario</groupId> - <version>2.2.1</version> + <version>2.2.3</version> </dependency> <dependency> <groupId>wsdl4j</groupId> diff --git a/server/openejb-cxf/pom.xml b/server/openejb-cxf/pom.xml index d41882b..2b77b4f 100644 --- a/server/openejb-cxf/pom.xml +++ b/server/openejb-cxf/pom.xml @@ -33,7 +33,7 @@ <properties> <tomee.build.name>${project.groupId}.server.cxf</tomee.build.name> - <wss4j.version>2.3.1</wss4j.version> + <wss4j.version>2.3.3</wss4j.version> <openejb.osgi.import.pkg> org.apache.xml.resolver*;resolution:=optional, * @@ -61,11 +61,20 @@ <artifactId>wsdl4j</artifactId> </dependency> <dependency> + <groupId>org.apache.santuario</groupId> + <artifactId>xmlsec</artifactId> + <version>2.2.3</version> + </dependency> + <dependency> <groupId>org.apache.wss4j</groupId> <artifactId>wss4j-ws-security-dom</artifactId> <version>${wss4j.version}</version> <exclusions> <exclusion> + <groupId>org.apache.santuario</groupId> + <artifactId>xmlsec</artifactId> + </exclusion> + <exclusion> <groupId>org.apache.geronimo.specs</groupId> <artifactId>geronimo-javamail_1.4_spec</artifactId> </exclusion>
