Santuario/xmlsec depends on woodstox, a StAX library, which apparently has some current CVEs open. It may be impossible to yank due to the way xmlsec initializes, but we should at least look into it.
Environment
None
Activity
Scott Cantor, January 3, 2023 at 3:47 PM
Applied to both branches based on apparently having no impact on IdP.