[NIFI-12259] Upgrade Santuario XML to 2.3.4 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0-M1, 1.24.0
Component/s: Core Framework
Labels:
- dependency-upgrade

Description

Apache Santuario 2.3.4 includes a resolution for CVE-2023-44483, which relates to logging sensitive private key information at the debug level. Spring Security SAML2 has a dependency on Apache Santuario, which should be upgraded.

Attachments

Issue Links

links to

GitHub Pull Request #7916

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Oct/23 17:01

Updated:: 23/Oct/23 08:30

Resolved:: 23/Oct/23 08:30

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m