From 9a8c22652b3a7926790518ccee05ad39dacfa7de Mon Sep 17 00:00:00 2001
From: ManjunathMS35 <manjunathms35@gmail.com>
Date: Wed, 19 Feb 2020 15:21:53 +0100
Subject: [PATCH] Update Cryptacular version from 1.0 to 1.2.4

Hi,

Thanks for this open-source project.

The project Cryptacular is vulnerable to CVE-2020-7226, for details see [1]

This is mitigated in Cryptacular version 1.2.4 [2]

Regards,
Manjunath

1. https://nvd.nist.gov/vuln/detail/CVE-2020-7226
2. https://github.com/vt-middleware/cryptacular/issues/52
---
 opensaml-parent/pom.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/opensaml-parent/pom.xml b/opensaml-parent/pom.xml
index 3651699ec6..cb582b5dab 100644
--- a/opensaml-parent/pom.xml
+++ b/opensaml-parent/pom.xml
@@ -50,6 +50,7 @@
         <java-support.version>7.3.0-SNAPSHOT</java-support.version>
         <spring-extensions.version>5.3.0-SNAPSHOT</spring-extensions.version>
         <checkstyle.configLocation>${project.basedir}/../opensaml-parent/resources/checkstyle/checkstyle.xml</checkstyle.configLocation>
+        <cryptacular.version>1.2.4</cryptacular.version>
     </properties>
 
     <repositories>
@@ -118,7 +119,11 @@
               <artifactId>spymemcached</artifactId>
               <version>2.11.4</version>
           </dependency>
-
+          <dependency>
+              <groupId>org.cryptacular</groupId>
+              <artifactId>cryptacular</artifactId>
+              <version>${cryptacular.version}</version>
+          </dependency>
             <!-- Provided Dependencies -->
 
             <!-- Runtime Dependencies -->