xmlsec 2.2.3 vulnerabilities

[sedovalx]

First, thank you for your work!

I noted that the latest released version of java-saml:2.9.0 depends on xmlsec:2.2.3 that has a known vulnerability. Also, the dependency is already updated to 3.0.2 (also has a major vulnerability) in the master branch. I'm wondering if you see it possible to release 2.9.1 with xmlsec:2.2.6 or release a new version of java-saml with xmlsec:3.0.3?

[jlorper]

@pitbulk is it planned a release anytime soon solving these vulnerabilities? Thank you

[albogdano]

I would consider this project dead by now. The maintaners even stopped responding. We'll be migrating to Spring SAML which uses the OpenSAML library.