From f4dde57fb22fbf513d60ceafcd633a9235979a7c Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Fri, 16 Dec 2022 13:34:46 -0500 Subject: [PATCH] Upgrade CXF to 3.5.5 to address CVE-2022-46363 (#2350) (#2358) Signed-off-by: Stephen Crawford Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> (cherry picked from commit 93faf7513154d89fbae9ce353de56263e4466a3c) Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --- build.gradle | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 7174fab077..5b1ca57360 100644 --- a/build.gradle +++ b/build.gradle @@ -261,7 +261,7 @@ dependencies { implementation 'org.ldaptive:ldaptive:1.2.3' implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' implementation 'io.jsonwebtoken:jjwt-api:0.10.8' - implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.4.5') { + implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.5.5') { exclude(group: 'jakarta.activation', module: 'jakarta.activation-api') } implementation 'com.github.wnameless:json-flattener:0.5.0' @@ -272,9 +272,9 @@ dependencies { runtimeOnly 'net.minidev:accessors-smart:2.4.7' - runtimeOnly 'org.apache.cxf:cxf-core:3.4.5' - implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.4.5' - runtimeOnly 'org.apache.cxf:cxf-rt-security:3.4.5' + runtimeOnly 'org.apache.cxf:cxf-core:3.5.5' + implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.5.5' + runtimeOnly 'org.apache.cxf:cxf-rt-security:3.5.5' runtimeOnly 'com.sun.activation:jakarta.activation:1.2.2' runtimeOnly 'com.eclipsesource.minimal-json:minimal-json:0.9.5'