necouchman commented on code in PR #884:
URL: https://github.com/apache/guacamole-client/pull/884#discussion_r1225297121


##########
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml:
##########
@@ -74,6 +74,23 @@
             <groupId>com.onelogin</groupId>
             <artifactId>java-saml</artifactId>
             <version>2.9.0</version>
+            <!--
+                Replace vulnerable version of Woodstox until upstream
+                releases a version with fixed dependencies
+            -->
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Woodstox -->
+        <dependency>
+            <groupId>com.fasterxml.woodstox</groupId>
+            <artifactId>woodstox-core</artifactId>
+            <version>5.4.0</version>
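Review bot: The comment at the top of the exclusion block says "vulnerable version of Woodstox" but does not record which woodstox-core version java-saml 2.9.0 pulls in or which advisory motivates the swap, so a future maintainer cannot tell when this override can be retired; suggest extending the comment to name the advisory identifier and the transitive version being replaced, and noting the upstream issue to watch for. Two follow-ups on the mechanism itself: excluding woodstox-core only from java-saml leaves any other dependency of this module free to pull in the old version again, so the exclusion should be confirmed with `mvn dependency:tree` (or the equivalent enforcer check) showing a single woodstox-core 5.4.0 after the change; and a version override in a `<dependencyManagement>` section would pin woodstox-core for every consumer in the module without per-dependency exclusions, which is easier to keep correct as dependencies change. Either way, the reviewer's question above stands: java-saml parses untrusted XML through this library, so the swapped-in 5.4.0 needs a functional test of the SAML login path, not just a clean build.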

Review Comment:
   Was this change thoroughly tested to make sure that the SAML library 
functions as expected with this dependency being swapped out from under it?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
