The latest version of spring-security-saml-core version 1.0.10.RELEASE is subject to vulnerability CVE-2022-23437. The version of esapi used (2.2.2.0) has a dependency to xerces-impl version 2.12.0 which is where the vulernability stems from.
Updating the esapi version to 2.2.3.0 or greater removes the dependency to xerces-impl.
The latest version of spring-security-saml-core version 1.0.10.RELEASE is subject to vulnerability CVE-2022-23437. The version of esapi used (2.2.2.0) has a dependency to xerces-impl version 2.12.0 which is where the vulernability stems from.
Updating the esapi version to 2.2.3.0 or greater removes the dependency to xerces-impl.