[#896] CVE-2022-34169 Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets (#897)

vharseko · web-flow · commit d17ab9180b60 · 2025-08-06T16:31:33.000+03:00
diff --git a/openam-federation/OpenFM/pom.xml b/openam-federation/OpenFM/pom.xml
@@ -13,7 +13,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
- * Portions copyright 2017-2024 3A Systems, LLC
+ * Portions copyright 2017-2025 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -180,7 +180,12 @@
         <dependency>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
-            <version>2.7.2</version>
+            <version>2.7.3</version>
+        </dependency>
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>serializer</artifactId>
+            <version>2.7.3</version>
         </dependency>
     </dependencies>
 </project>
