Skip to content
This repository has been archived by the owner on Nov 29, 2022. It is now read-only.

Update esapi version for vulernability CVE-2022-23437 to 2.2.3.0 or greater #523

Open
row49382 opened this issue Feb 28, 2022 · 0 comments
Open

Update esapi version for vulernability CVE-2022-23437 to 2.2.3.0 or greater #523

row49382 opened this issue Feb 28, 2022 · 0 comments

Comments

@row49382
Copy link

row49382 commented Feb 28, 2022
edited
Loading

The latest version of spring-security-saml-core version 1.0.10.RELEASE is subject to vulnerability CVE-2022-23437. The version of esapi used (2.2.2.0) has a dependency to xerces-impl version 2.12.0 which is where the vulernability stems from.

Updating the esapi version to 2.2.3.0 or greater removes the dependency to xerces-impl.
@row49382 row49382 changed the title Update esapi version for vulernability CVE-2022-23437 to 2.2 Update esapi version for vulernability CVE-2022-23437 to 2.2.3.0 or greater Mar 3, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@row49382