From 93faf7513154d89fbae9ce353de56263e4466a3c Mon Sep 17 00:00:00 2001
From: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Date: Thu, 15 Dec 2022 14:37:49 -0500
Subject: [PATCH] Upgrade CXF to 3.5.5 to address CVE-2022-46363 (#2350)

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
---
 build.gradle | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.gradle b/build.gradle
index 85c7f73dca..cd172d7ba3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -347,7 +347,7 @@ dependencies {
     implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
     implementation 'org.ldaptive:ldaptive:1.2.3'
     implementation 'io.jsonwebtoken:jjwt-api:0.10.8'
-    implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.4.5') {
+    implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.5.5') {
         exclude(group: 'jakarta.activation', module: 'jakarta.activation-api')
     }
     implementation 'com.github.wnameless:json-flattener:0.5.0'
@@ -358,9 +358,9 @@ dependencies {
 
     runtimeOnly 'net.minidev:accessors-smart:2.4.7'
 
-    runtimeOnly 'org.apache.cxf:cxf-core:3.4.5'
-    implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.4.5'
-    runtimeOnly 'org.apache.cxf:cxf-rt-security:3.4.5'
+    runtimeOnly 'org.apache.cxf:cxf-core:3.5.5'
+    implementation 'org.apache.cxf:cxf-rt-rs-json-basic:3.5.5'
+    runtimeOnly 'org.apache.cxf:cxf-rt-security:3.5.5'
 
     runtimeOnly 'com.sun.activation:jakarta.activation:1.2.2'
     runtimeOnly 'com.eclipsesource.minimal-json:minimal-json:0.9.5'