From 9e34cb692f84ec67f9bf2ef4a01830120d73f523 Mon Sep 17 00:00:00 2001 From: Dave Wichers Date: Wed, 12 Apr 2023 08:55:37 -0400 Subject: [PATCH] Ready for release. --- SECURITY.md | 1 + pom.xml | 14 +++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e37a0537..ddaa9153 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -37,3 +37,4 @@ These are the known CVEs reported for AntiSamy: CVEs in AntiSamy dependencies: * AntiSamy prior to 1.6.6 used the old CyberNeko HTML library v1.9.22, which is subject to https://www.cvedetails.com/cve/CVE-2022-28366 and no longer maintained. AntiSamy 1.6.6 upgraded to an active fork of CyberNeko called HtmlUnit-Neko which fixed this CVE in v2.27 of that library. AntiSamy 1.6.6 upgraded to version 2.60.0 of HtmlUnit-Neko. * AntiSamy 1.6.8 upgraded to HtmlUnit-Neko v2.61.0 because v2.60.0 is subject to https://www.cvedetails.com/cve/CVE-2022-29546 +* AntiSamy 1.7.3 upgraded to HtmlUnit-Neko v3.1.0 because all versions prior to 3.0.0 are subject to https://www.cvedetails.com/cve/CVE-2023-26119 diff --git a/pom.xml b/pom.xml index 38915b68..375f2aec 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.owasp.antisamy antisamy jar - 1.7.3-SNAPSHOT + 1.7.3 @@ -52,7 +52,7 @@ 2.0.0-M5 true UTF-8 - 2022-11-18T14:32:45Z + 2022-04-12T11:03:14Z 1.8 1.12.0 2.11.0 @@ -74,18 +74,22 @@ org.htmlunit neko-htmlunit - 3.1.0-SNAPSHOT + 3.1.0 org.apache.httpcomponents.client5 httpclient5 5.2.1 - + org.slf4j slf4j-api + + org.apache.httpcomponents.core5 + httpcore5 + @@ -403,7 +407,7 @@ org.apache.maven.plugins maven-site-plugin - 4.0.0-M6 + 4.0.0-M7