From c3b8d8702d68d4d17c4e851948030682ec17b610 Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Fri, 16 Dec 2022 12:37:56 -0500
Subject: [PATCH] Upgrade CXF to 3.5.5 to address CVE-2022-46363 (#2350)
 (#2357)

---
 build.gradle | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.gradle b/build.gradle
index f0dc171272..be2a529148 100644
--- a/build.gradle
+++ b/build.gradle
@@ -261,7 +261,7 @@ dependencies {
     implementation 'org.ldaptive:ldaptive:1.2.3'
     implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13'
     implementation 'io.jsonwebtoken:jjwt-api:0.10.8'
-    implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.4.5') {
+    implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.5.5') {
         exclude(group: 'jakarta.activation', module: 'jakarta.activation-api')
     }
     implementation 'com.github.wnameless:json-flattener:0.5.0'
@@ -272,9 +272,9 @@ dependencies {
 
     runtimeOnly 'net.minidev:accessors-smart:2.4.7'
 
-    runtimeOnly 'org.apache.cxf:cxf-core:3.4.5'
-    implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.4.5'
-    runtimeOnly 'org.apache.cxf:cxf-rt-security:3.4.5'
+    runtimeOnly 'org.apache.cxf:cxf-core:3.5.5'
+    implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.5.5'
+    runtimeOnly 'org.apache.cxf:cxf-rt-security:3.5.5'
 
     runtimeOnly 'com.sun.activation:jakarta.activation:1.2.2'
     runtimeOnly 'com.eclipsesource.minimal-json:minimal-json:0.9.5'