GUACAMOLE-1806: Update Java dependencies to patched versions

These changes should address the following (potentially relevant) vulnerabilities: - CVE-2022-21724 - CVE-2022-26520 - CVE-2022-31197 - CVE-2022-40151 - CVE-2022-40152 - CVE-2022-41946 - CVE-2023-20861 - CVE-2023-20862 - CVE-2023-20863 - GHSA-673j-qm5f-xpv8
2025-09-06 13:17:41 +00:00 · 2023-06-09 22:26:42 +02:00
parent 4290c378c8
commit 846c507ba7
13 changed files with 33 additions and 16 deletions
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/pom.xml
@@ -74,6 +74,23 @@
            <groupId>com.onelogin</groupId>
            <artifactId>java-saml</artifactId>
            <version>2.9.0</version>
+            <!--
+                Replace vulnerable version of Woodstox until upstream
+                releases a version with fixed dependencies
+            -->
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!-- Woodstox -->
+        <dependency>
+            <groupId>com.fasterxml.woodstox</groupId>
+            <artifactId>woodstox-core</artifactId>
+            <version>5.4.0</version>
        </dependency>

    </dependencies>