Close issue ESAPI#586 by updating to AntiSamy 1.5.12.

kwwall · kwwall · commit c1f64d15fa84 · 2021-01-09T23:07:25.000-05:00
Also remove comment about CVE-2020-14338 which is not addressed by previous Synkbot PR.
diff --git a/pom.xml b/pom.xml
@@ -238,7 +238,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.11</version>
+            <version>1.5.12</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -285,7 +285,6 @@
         <dependency>
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
-            <!-- Note: CVE-2020-14338) in xercesImpl:2.12.0 but Apache has not released an update to this library yet to eliminate it. See ESAPI-security-bulletin3.pdf for further details. -->
             <version>2.12.1</version>
         </dependency>
         <dependency>
@@ -939,4 +938,4 @@
             </build>
         </profile>
     </profiles>
-</project>
+</project>
