SAML-Toolkits / java-saml

Java SAML toolkit
MIT License
630 stars 393 forks

https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754 vulnerability #387

Open amitvocate opened 2 years ago

amitvocate commented 2 years ago

Latest version is affected by https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754. Is there a fix planned?

jonathannewman commented 2 years ago

This seems to have been resolved with https://github.com/onelogin/java-saml/pull/377 but there hasn't been a release with it. Is it possible to get a new release that contains this fix?

amarshall45676 commented 2 years ago

Seeing the same issue as well. Any timeline on when the next release will be with the patched library?

cstaylor commented 2 years ago

I've submitted a second PR that fixes all the remaining critical vulns.