[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17312907#comment-17312907 ] Colm O hEigeartaigh commented on WSS-683: - Yes, it appears that dependency exclusion does not work

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17312534#comment-17312534 ] Nick Monkman commented on WSS-683: -- Any insights from the sample? > WSS4J depends on Velocity 1.7 which

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17308434#comment-17308434 ] Nick Monkman commented on WSS-683: -- [~coheigea]  Attached now, sorry about that > WSS4J depends on

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17308429#comment-17308429 ] Colm O hEigeartaigh commented on WSS-683: - [~kraberus] - Where is WSS_Sample.zip? > WSS4J depends

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17308190#comment-17308190 ] Nick Monkman commented on WSS-683: -- Attached WSS_Sample.zip, built with gradle 5.6.4. Hope it helps! >

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17306034#comment-17306034 ] Colm O hEigeartaigh commented on WSS-683: - Can you attach a sample gradle project that I can use to

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17304999#comment-17304999 ] Nick Monkman commented on WSS-683: -- Yes.  Here is the relevant output of 'gradle dependencies'.  The 

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17304766#comment-17304766 ] Colm O hEigeartaigh commented on WSS-683: - [~kraberus] - WSS4J excludes Velocity from OpenSAML:

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17304321#comment-17304321 ] Nick Monkman commented on WSS-683: -- Ouch. Not what I wanted to hear but it makes sense. Thanks for the

[jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)

[ https://issues.apache.org/jira/browse/WSS-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17304310#comment-17304310 ] Daniel Kulp commented on WSS-683: - OpenSaml 4.x requires java 11 and we still need to support Java8. Thus,