Also upgrade WSS4J to 2.4.1 which is supposed to work with CXF >= 3.4.*.
Pull Request Description
Fixes the above two vulnerabilities being reported against Oxalis-AS4 5.4.0 by snyk and Trivy.
I have barely tested a snapshot of it with Oxalis 5.4.0 in a test environment at Digipost (both inbound and outbound processes), but haven't found any isses so far.
Not 100% sure yet if the upgrade breaks anything else.
Type of Pull Request
[ ] New feature/Enhancement - non-breaking change which adds functionality
[X] Bug fix
[ ] Breaking change (Require Major version change?)
Type of Change
[ ] OpenPeppol AS4 specification
[X] Oxalis software change or enhancement
[ ] CEF change
Pull Request Checklist:
[X] My code follows the style guidelines of this project
[NA] I have commented my code, particularly in hard-to-understand areas. But did not added unnecessary annotation/comment say @author name etc
[X] I have checked my code for variable and method name and corrected grammar/spelling mistakes if any
[NA] I have made corresponding changes to the documentation where needed
[X] My changes generate no new/additional warnings
[?] My change is not breaking or creating conflict with associated dependencies
[X] I have performed a self-review of my own code
[X] I ran mvn clean install before commit and all tests run successfully
[X] I conducted basic QA to assure all features are working fine
[X] My pull request generate no conflicts with master branch
[X] I requested code review from other team members
CVE-2022-46363
Also upgrade WSS4J to 2.4.1 which is supposed to work with CXF >= 3.4.*.
Pull Request Description
Fixes the above two vulnerabilities being reported against Oxalis-AS4 5.4.0 by snyk and Trivy. I have barely tested a snapshot of it with Oxalis 5.4.0 in a test environment at Digipost (both inbound and outbound processes), but haven't found any isses so far.
Not 100% sure yet if the upgrade breaks anything else.
Type of Pull Request
Type of Change
Pull Request Checklist:
mvn clean install
before commit and all tests run successfullymaster
branch