From a4a39b821f0ba28269932393c283b7f88fd61dea Mon Sep 17 00:00:00 2001
From: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Date: Wed, 14 Dec 2022 13:15:40 -0500
Subject: [PATCH] [1.x] Fixes CVE-2022-46363 (#2349)

* Update cxf-core to 3.5.5

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
(cherry picked from commit 8b907c42554e9dded68b19c759278e7c7bbcedae)
---
 README.md    | 2 +-
 build.gradle | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 2e5488786c..1e280e4b1d 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 
 # OpenSearch Security Plugin
 
-OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. When combined with OpenSearch Security-Advanced Modules, it supports authentication via Active Directory, LDAP, Kerberos, JSON web tokens, SAML, OpenID and more. It includes fine grained role-based access control to indices, documents and fields. It also provides multi-tenancy support in OpenSearch Dashboards.
+OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. When combined with OpenSearch Security-Advanced Modules, it supports authentication via Active Directory, LDAP, Kerberos, JSON web tokens, SAML, OpenID and more. It includes fine-grained role-based access control to indices, documents and fields. It also provides multi-tenancy support in OpenSearch Dashboards.
 
 - [Features](#features)
 - [Installation](#installation)
diff --git a/build.gradle b/build.gradle
index 2cb5b55fe2..01c90b995a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -102,7 +102,7 @@ dependencies {
     implementation 'org.ldaptive:ldaptive:1.2.3'
     implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13'
     implementation 'io.jsonwebtoken:jjwt-api:0.10.8'
-    implementation("org.apache.cxf:cxf-rt-rs-security-jose:3.4.5") {
+    implementation("org.apache.cxf:cxf-rt-rs-security-jose:3.5.5") {
         exclude(group: 'jakarta.activation', module: 'jakarta.activation-api')
     }
     implementation 'com.github.wnameless:json-flattener:0.5.0'