GUACAMOLE-1859: Update xmlsec to 2.2.6 (transitive dependency of SAML).

2025-09-05 20:57:40 +00:00 · 2023-12-01 11:05:56 -08:00
parent df7309c1f3
commit 1b11b31045
5 changed files with 27 additions and 7 deletions
--- a/doc/licenses/apache-santuario-2.2.3/dep-coordinates.txt
+++ b/doc/licenses/apache-santuario-2.2.3/dep-coordinates.txt
@@ -1 +0,0 @@
-org.apache.santuario:xmlsec:jar:2.2.3
--- a/doc/licenses/apache-santuario-2.2.6/NOTICE
+++ b/doc/licenses/apache-santuario-2.2.6/NOTICE
@@ -1,5 +1,5 @@
 Apache Santuario - XML Security for Java
-Copyright 1999-2021 The Apache Software Foundation
+Copyright 1999-2022 The Apache Software Foundation

 This product includes software developed at
 The Apache Software Foundation (http://www.apache.org/).
@@ -10,3 +10,5 @@ Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
 The development of this software was partly funded by the European 
 Commission in the <WebSig> project in the ISIS Programme. 

+This product contains software that is
+copyright (c) 2021, Oracle and/or its affiliates.
--- a/doc/licenses/apache-santuario-2.2.6/README
+++ b/doc/licenses/apache-santuario-2.2.6/README
@@ -1,7 +1,7 @@
 Apache Santuario (https://santuario.apache.org/)
 -------------------------------------------------

-    Version: 2.2.3
+    Version: 2.2.6
    From: 'Apache Software Foundation' (https://www.apache.org/)
    License(s):
        Apache v2.0
--- a/doc/licenses/apache-santuario-2.2.6/dep-coordinates.txt
+++ b/doc/licenses/apache-santuario-2.2.6/dep-coordinates.txt
@@ -0,0 +1 @@
+org.apache.santuario:xmlsec:jar:2.2.6
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml
@@ -74,15 +74,26 @@
            <groupId>com.onelogin</groupId>
            <artifactId>java-saml</artifactId>
            <version>2.9.0</version>
-            <!--
-                Replace vulnerable version of Woodstox until upstream
-                releases a version with fixed dependencies
-            -->
            <exclusions>
+
+                <!--
+                    Replace vulnerable version of Woodstox until upstream
+                    releases a version with fixed dependencies
+                -->
                <exclusion>
                    <groupId>com.fasterxml.woodstox</groupId>
                    <artifactId>woodstox-core</artifactId>
                </exclusion>
+
+                <!--
+                    Replace vulnerable version of xmlsec until upstream
+                    releases a version with fixed dependencies
+                -->
+                <exclusion>
+                    <groupId>org.apache.santuario</groupId>
+                    <artifactId>xmlsec</artifactId>
+                </exclusion>
+
            </exclusions>
        </dependency>

@@ -93,6 +104,13 @@
            <version>5.4.0</version>
        </dependency>

+        <!-- Apache XML Security for Java -->
+        <dependency>
+            <groupId>org.apache.santuario</groupId>
+            <artifactId>xmlsec</artifactId>
+            <version>2.2.6</version>
+        </dependency>
+
    </dependencies>

 </project>