This repository was archived by the owner on Nov 29, 2022. It is now read-only.
This repository was archived by the owner on Nov 29, 2022. It is now read-only.
Update esapi version for vulernability CVE-2022-23437 to 2.2.3.0 or greater #523
The latest version of spring-security-saml-core version 1.0.10.RELEASE is subject to vulnerability CVE-2022-23437. The version of esapi used (2.2.2.0) has a dependency to xerces-impl version 2.12.0 which is where the vulernability stems from.
Updating the esapi version to 2.2.3.0 or greater removes the dependency to xerces-impl.