First, thank you for your work!
I noted that the latest released version of java-saml:2.9.0 depends on xmlsec:2.2.3 that has a known vulnerability. Also, the dependency is already updated to 3.0.2 (also has a major vulnerability) in the master branch. I'm wondering if you see it possible to release 2.9.1 with xmlsec:2.2.6 or release a new version of java-saml with xmlsec:3.0.3?
First, thank you for your work!
I noted that the latest released version of
java-saml:2.9.0depends onxmlsec:2.2.3that has a known vulnerability. Also, the dependency is already updated to 3.0.2 (also has a major vulnerability) in the master branch. I'm wondering if you see it possible to release 2.9.1 withxmlsec:2.2.6or release a new version ofjava-samlwithxmlsec:3.0.3?