From 143ecb4d342503aedc41ad10777ed13df5dd2036 Mon Sep 17 00:00:00 2001 From: Mariusz Pala Date: Sun, 8 Feb 2026 19:47:56 +0100 Subject: [PATCH 1/2] Modernize fork: upgrade deps, replace logback with log4j2, add versions-maven-plugin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Major changes from upstream SAML-Toolkits/java-saml v2.9.0: - Change groupId from com.onelogin to com.generiscorp (Java packages unchanged) - Bump version to 3.0.3-SNAPSHOT - Replace logback-classic with log4j2 + log4j-slf4j2-impl (aligns with cara ecosystem) - Upgrade all dependencies to latest stable: - xmlsec 3.0.2 → 4.0.4 (CVE fixes) - SLF4J 1.7.36 → 2.0.17 - commons-lang3 3.13.0 → 3.20.0 - commons-codec 1.16.0 → 1.21.0 - azure-keyvault 4.7.0 → 4.10.2 - azure-identity 1.10.1 → 1.18.2 - mockito 3.12.4 → 5.21.0 - hamcrest 2.2 → 3.0 - Add JUnit 5 BOM + vintage engine (existing JUnit 4 tests run unchanged) - Upgrade all Maven plugins to latest stable versions - Add versions-maven-plugin (runs during validate phase, reports outdated deps) - Centralize all version numbers as properties in parent POM - Add pluginManagement for surefire, jacoco, jar, compiler - Update SCM URLs to point to generiscorp/java-saml - Remove samples module - Fix test assertion for changed xmlsec error message - Fix deprecated org.mockito.Matchers → org.mockito.ArgumentMatchers All 464 tests passing. --- README.md | 195 ++++++------------ core/pom.xml | 43 ++-- .../onelogin/saml2/test/util/UtilsTest.java | 2 +- pom.xml | 191 ++++++++++++----- samples/java-saml-tookit-jspsample/.gitignore | 1 - samples/java-saml-tookit-jspsample/pom.xml | 27 --- .../main/resources/onelogin.saml.properties | 171 --------------- .../src/main/webapp/WEB-INF/web.xml | 7 - .../src/main/webapp/acs.jsp | 114 ---------- .../src/main/webapp/attrs.jsp | 92 --------- .../src/main/webapp/dologin.jsp | 18 -- .../src/main/webapp/dologout.jsp | 35 ---- .../src/main/webapp/index.jsp | 26 --- .../src/main/webapp/metadata.jsp | 16 -- .../src/main/webapp/sls.jsp | 47 ----- samples/pom.xml | 17 -- toolkit/pom.xml | 40 ++-- .../com/onelogin/saml2/test/AuthTest.java | 2 +- 18 files changed, 248 insertions(+), 796 deletions(-) delete mode 100644 samples/java-saml-tookit-jspsample/.gitignore delete mode 100644 samples/java-saml-tookit-jspsample/pom.xml delete mode 100644 samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/WEB-INF/web.xml delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/dologin.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/dologout.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/metadata.jsp delete mode 100644 samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp delete mode 100644 samples/pom.xml diff --git a/README.md b/README.md index dff707cc..1f6dd983 100644 --- a/README.md +++ b/README.md @@ -1,42 +1,31 @@ # SAML Java Toolkit -[![Build Status](https://travis-ci.org/onelogin/java-saml.svg?branch=master)](https://travis-ci.org/onelogin/java-saml) [![Coverage Status](https://coveralls.io/repos/github/onelogin/java-saml/badge.svg?branch=master)](https://coveralls.io/github/onelogin/java-saml?branch=master) +> **Maintained fork** of [SAML-Toolkits/java-saml](https://github.com/SAML-Toolkits/java-saml) by [Generis](https://github.com/generiscorp). +> +> The upstream project is [no longer actively maintained](https://github.com/SAML-Toolkits/java-saml/issues). This fork provides: +> - **Up-to-date dependencies** with security patches (xmlsec 4.0.4, SLF4J 2.0.x, etc.) +> - **Log4j2** as the logging backend (replacing logback) +> - **Dependency update reporting** via versions-maven-plugin on every build +> - **OWASP dependency-check** integration for CVE scanning +> - Modernized build tooling (Maven plugin upgrades, JUnit 5 platform) +> +> The Java package names remain `com.onelogin.saml2.*` for full source-level compatibility with the upstream API. Only the Maven `groupId` has changed to `com.generiscorp`. Add SAML support to your Java applications using this library. -2.8.0 uses xmlsec 2.2.3 which fixes [CVE-2021-40690](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-1655558) - -Version >= 2.5.0 compatible with java8 / java9. Not compatible with java7 - -2.5.0 sets the 'strict' setting parameter to true. - -2.5.0 uses xmlsec 2.1.4 which fixes [CVE-2019-12400](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-460281) - -Version 2.0.0 - 2.4.0, compatible with java7 / java8. - -We [introduced some incompatibilities](https://github.com/onelogin/java-saml/issues/90), that could be fixed and make it compatible with java6. - -Version 1.1.2 is considered to be deprecated. If you have used it, we strongly recommend that you migrate to the new version. -We rebuilt the toolkit on 2.0.0, so code/settings that you had been using in the previous version will no longer be compatible. +Supports Java 8 and above. - [Why add SAML support to my software?](#why-add-saml-support-to-my-software) - [General description](#general-description) - [Security warning](#security-warning) - [Installation](#installation) - - [Hosting](#hosting) - - [Github](#github) - - [Maven](#maven) + - [Maven](#maven) - [Dependencies](#dependencies) -- [Working with the github repository code and Eclipse.](#working-with-the-github-repository-code-and-eclipse) - - [Get the toolkit.](#get-the-toolkit) - - [Adding java-saml toolkit components as a project](#adding-java-saml-toolkit-components-as-a-project) - - [Adding the java-saml-tookit-jspsample as a project](#adding-the-java-saml-tookit-jspsample-as-a-project) - - [Deploy the java-saml-tookit-jspsample](#deploy-the-java-saml-tookit-jspsample) +- [Migrating from upstream](#migrating-from-upstream) - [Getting started](#getting-started) - [Learning the toolkit](#learning-the-toolkit) - - [core (com.onelogin:java-saml-core)](#core-comoneloginjava-saml-core) - - [toolkit (com.onelogin:java-saml)](#toolkit-comoneloginjava-saml) - - [samples (com.onelogin:java-saml-tookit-samples)](#samples-comoneloginjava-saml-tookit-samples) + - [core (com.generiscorp:java-saml-core)](#core-comgeneriscorpjava-saml-core) + - [toolkit (com.generiscorp:java-saml)](#toolkit-comgeneriscorpjava-saml) - [How it works](#how-it-works) - [Javadocs](#javadocs) - [Settings](#settings) @@ -54,10 +43,6 @@ We rebuilt the toolkit on 2.0.0, so code/settings that you had been using in the - [Working behind load balancer](#working-behind-load-balancer) - [IdP with multiple certificates](#idp-with-multiple-certificates) - [Replay attacks](#replay-attacks) -- [Demo included in the toolkit](#demo-included-in-the-toolkit) - - [SP setup](#sp-setup) - - [IdP setup](#idp-setup) - - [How it works](#how-it-works-1) ## Why add SAML support to my software? @@ -73,8 +58,8 @@ since 2002, but lately it has become popular due to its advantages as follows: and most security conscious enterprises in the world rely on. * **Speed** - SAML is fast. One browser redirect is all it takes to securely sign a user into an application. - * **Phishing Prevention** - If you don’t have a password for an app, you - can’t be tricked into entering it on a fake login page. + * **Phishing Prevention** - If you don't have a password for an app, you + can't be tricked into entering it on a fake login page. * **IT Friendly** - SAML simplifies life for IT because it centralizes authentication, provides greater visibility and makes directory integration easier. @@ -104,7 +89,7 @@ Key features: the final app; the toolkit delegates session in the final app. * **Easy to use** - Programmer will be allowed to code high-level and low-level programming; 2 easy-to-use APIs are available. - * **Tested** - Thoroughly tested. + * **Tested** - Thoroughly tested (460+ unit tests). ## Security warning @@ -120,114 +105,93 @@ But there are other scenarios, like a SAAS app where the administrator of the ap ## Installation -### Hosting -#### Github -The toolkit is hosted on github. You can download it from: -* Latest release: https://github.com/onelogin/java-saml/releases/latest -* Master repo: https://github.com/onelogin/java-saml/tree/master -#### Maven -The toolkit is hosted at [Sonatype OSSRH (OSS Repository Hosting)](http://central.sonatype.org/pages/ossrh-guide.html) that is synced to the Central Repository. +### Maven Install it as a maven dependency: ```xml - - com.onelogin - java-saml - 2.9.0 - + + com.generiscorp + java-saml + 3.0.3-SNAPSHOT + ``` - ### Dependencies -java-saml (com.onelogin:java-saml-toolkit) has the following dependencies: + +java-saml (`com.generiscorp:java-saml-toolkit`) has the following dependencies: *core:* -* org.apache.santuario:xmlsec -* joda-time:joda-time -* org.apache.commons:commons-lang3 -* commons-codec:commons-codec +* org.apache.santuario:xmlsec 4.0.4 +* org.apache.commons:commons-lang3 3.20.0 +* commons-codec:commons-codec 1.21.0 +* com.azure:azure-security-keyvault-keys (optional) +* com.azure:azure-identity (optional) * testing: - * org.hamcrest:hamcrest-core and org.hamcrest:hamcrest-library - * junit:junit - * org.mockito:mockito-core + * org.hamcrest:hamcrest 3.0 + * JUnit 5 platform with JUnit 4 vintage engine + * org.mockito:mockito-core 5.21.0 * logging: - * org.slf4j:slf4j-api - * ch.qos.logback:logback-classic -* For CI: - * org.jacoco:jacoco-maven-plugin + * org.slf4j:slf4j-api 2.0.17 + * org.apache.logging.log4j:log4j-core 2.25.3 (optional) + * org.apache.logging.log4j:log4j-slf4j2-impl 2.25.3 (optional) -also the [Java Cryptography Extension (JCE)](https://en.wikipedia.org/wiki/Java_Cryptography_Extension) is required. If you don't have it, download the version of [jce-8](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html), unzip it, and drop its content at -*${java.home}/jre/lib/security/*. JDK 9 and later offer the stronger cryptographic algorithms by default. +Also the [Java Cryptography Extension (JCE)](https://en.wikipedia.org/wiki/Java_Cryptography_Extension) is required. JDK 9 and later offer the stronger cryptographic algorithms by default. *toolkit:* -* com.onelogin:java-saml-core -* javax.servlet:servlet-api - -*maven:* -* org.apache.maven.plugins:maven-jar-plugin -* org.apache.maven.plugins:maven-surefire-plugin -* org.apache.maven.plugins:maven-enforcer-plugin +* com.generiscorp:java-saml-core +* javax.servlet:javax.servlet-api 4.0.1 For more info, open and read the different pom.xml files: -[core/pom.xml](https://github.com/onelogin/java-saml/blob/v2.5.0/core/pom.xml), [toolkit/pom.xml](https://github.com/onelogin/java-saml/blob/v2.5.0/toolkit/pom.xml) +[core/pom.xml](core/pom.xml), [toolkit/pom.xml](toolkit/pom.xml) -## Working with the github repository code and Eclipse. -### Get the toolkit. -The toolkit is hosted on github. You can download it from: -* Latest release: https://github.com/onelogin/java-saml/releases/latest -* Master repo: https://github.com/onelogin/java-saml/tree/master -### Adding java-saml toolkit components as a project -1. Open Eclipse and set a workspace -2. File > Import > Maven : Existing Maven Projects > Select the path where the core folder of the Java Toolkit is */java-saml/core*, resolve the Workspace project and select the pom.xml -3. File > Import > Maven : Existing Maven Projects > Select the path where the toolkit folder of the Java Toolkit is */java-saml/toolkit*, resolve the Workspace project and select the pom.xml +## Migrating from upstream -### Adding the java-saml-tookit-jspsample as a project -1. File > Import > Maven : Existing Maven Projects > Select the path where the core folder of the Java Toolkit is */java-saml/samples/java-saml-tookit-jspsample*, resolve the Workspace project and select the pom.xml +If you are migrating from the original `com.onelogin:java-saml`, the only change needed in your code is the Maven dependency coordinates: -### Deploy the java-saml-tookit-jspsample +```xml + + + com.onelogin + java-saml + 2.9.0 + + + + + com.generiscorp + java-saml + 3.0.3-SNAPSHOT + +``` + +**No Java source code changes are required.** All Java packages remain `com.onelogin.saml2.*`, so your `import` statements and API usage stay exactly the same. -At the Package Explorer, select the jsp-sample project, 2nd bottom of the mouse and Run As > Run Server -Select a [Tomcat Server](http://crunchify.com/step-by-step-guide-to-setup-and-install-apache-tomcat-server-in-eclipse-development-environment-ide/) in order to deploy the server. ## Getting started ### Learning the toolkit -Java SAML Toolkit contains different folders (core, toolkit, samples) and some files. +Java SAML Toolkit contains two modules (core, toolkit). Let's start describing them: -#### core (com.onelogin:java-saml-core) #### +#### core (com.generiscorp:java-saml-core) #### This folder contains a maven project with the heart of java-saml, classes and methods to handle AuthNRequest, SAMLResponse, LogoutRequest, LogoutResponse and Metadata (low level API). In addition, it contains classes to load the settings of the toolkit and the HttpRequest class, a framework-agnostic representation of an HTTP request. In the repo, at *src/main/java* you will find the source; at *src/main/resources/schemas*, there are xsd schemas used to validate the SAML messages; at *src/test/java* are the tests for its classes; and at *src/test/resources* can be found different settings, SAML messages and certificates used by the junit tests. -#### toolkit (com.onelogin:java-saml) #### +#### toolkit (com.generiscorp:java-saml) #### This folder contains a maven project with the Auth class to handle the low level classes of java-saml-core and the ServletUtils class to handle javax.servlet.http objects, used on the Auth class. In the repo, at *src/main/java* you will find the source and at *src/test/java* the junit tests for the classes Auth and ServletUtils. -#### samples (com.onelogin:java-saml-tookit-samples) #### -This folder contains a maven project with a jsp app used to learn how the java-saml toolkit works. - -Within the *java-saml-tookit-jspsample/src/main/webapp* folder are several jsp files, each one representing a different endpoint: -- *index.jsp* Index of the webapp. -- *dologin.jsp* SP-initiated SSO endpoint. -- *dologout.jsp* SP-initiated SLO endpoint. -- *acs.jsp* Service Provider Assertion Consumer Service endpoint. -- *attrs.jsp* Shows attributes collected from the SAMLResponse. -- *sls.jsp* Service Provider Single Logout Service endpoint. -- *metadata.jsp* Publish SP metadata. - -At *java-saml-tookit-jspsample/src/main/resources* folder is the *onelogin.saml.properties* file which contains the SAML settings. - ### How it works #### Javadocs -* [toolkit (com.onelogin:java-saml)](https://onelogin.github.io/java-saml/toolkit/index.html) -* [core (com.onelogin:java-saml-core)](https://onelogin.github.io/java-saml/core/index.html) +* [toolkit (com.generiscorp:java-saml)](https://onelogin.github.io/java-saml/toolkit/index.html) +* [core (com.generiscorp:java-saml-core)](https://onelogin.github.io/java-saml/core/index.html) #### Settings First of all we need to configure the toolkit. The SP's info, the IdP's info, and in some cases, configuration for advanced security issues, such as signatures and encryption. @@ -525,7 +489,7 @@ and later executing the redirection manually. #### The SP Endpoints -Related to the SP there are 3 important endpoints: The metadata view, the ACS view and the SLS view. The toolkit provides at the demo of the samples folder those views. +Related to the SP there are 3 important endpoints: The metadata view, the ACS view and the SLS view. ##### SP Metadata This code will provide the XML metadata file of our SP, based on the info that we provided in the settings files. @@ -752,30 +716,3 @@ For Apache Tomcat this is done by setting the proxyName, proxyPort, scheme and s In order to avoid replay attacks, you can store the ID of the SAML messages already processed, to avoid processing them twice. Since the Messages expires and will be invalidated due that fact, you don't need to store those IDs longer than the time frame that you currently accepting. Get the ID of the last processed message with the getLastMessageId method of the Auth object. - -## Demo included in the toolkit -The Java Toolkit allows you to provide the settings in a unique file as described at the [Settings section](https://github.com/onelogin/java-saml/#Settings). - -#### SP setup -Configure the SP part and review the metadata of the IdP and complete the IdP info. Later configure how the toolkit will work enabling/disabling the security settings. - -#### IdP setup - -Once the SP is configured, the metadata of the SP is published at the /metadata.jsp url. Based on that info, configure the IdP. - -#### How it works -Lets imagine we deploy the jsp example project at *http://localhost:8080/java-saml-tookit-jspsample/*. - -1. First time you access to the main view *http://localhost:8080/java-saml-tookit-jspsample/index.jsp*, you can select to login and return to the same view or login and be redirected to the attribute view (attrs). - -2. When you click on a link,: - - 2.1. In the first link, we are redirected to the */dologin.jsp* view. An AuthNRequest is sent to the IdP, we authenticate at the IdP and then a Response is sent to the SP, specifically to the Assertion Consumer Service view: /acs.jsp. There the SAMLResponse is validated, the NameID and user attributes extracted and stored in the session. Notice that a RelayState parameter is set to the url that initiated the process, the dologin.jsp url, but we are not redirecting the user to that view, and instead we present user data on the /acs.jsp view. - - 2.2. In the second link we are redirected to the */dologin.jsp* view with a 'attrs' GET parameter. An AuthNRequest is sent to the IdP with the /attrs.jsp view as RelayState parameter, we authenticate at the IdP and then a Response is sent to the SP, specifically to the Assertion Consumer Service view: /acs.jsp. There the SAMLResponse is validated, the NameID and user attributes extracted and stored in the session and we are redirected to the RelayState view, the attrs.jsp view where user data is read from session and prompted. - -3. The single log out functionality could be tested by 2 ways. - - 3.1. SLO Initiated by SP. Click on the "logout" link at the SP, after that we are redirected to the /dologout.jsp view where a Logout Request is sent to the IdP, the session at the IdP is closed and replies to the SP a Logout Response (sent to the Single Logout Service endpoint). The SLS endpoint /sls.jsp of the SP process the Logout Response and if is valid, close the user session of the local app. Notice that the SLO Workflow starts and ends at the SP. - - 3.2. SLO Initiated by IdP. In this case, the action takes place on the IdP side, the logout process is initiated at the IdP, it sends a Logout Request to the SP (SLS endpoint, /sls.jsp). The SLS endpoint of the SP process the Logout Request and if is valid, close the session of the user at the local app and send a Logout Response to the IdP (to the SLS endpoint of the IdP). The IdP receives the Logout Response, process it and close the session at the IdP. Notice that the SLO Workflow starts and ends at the IdP. diff --git a/core/pom.xml b/core/pom.xml index 8687059f..0bf1a9c1 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -1,9 +1,9 @@ 4.0.0 - com.onelogin + com.generiscorp java-saml-toolkit - 2.9.1-SNAPSHOT + 3.0.3-SNAPSHOT jar @@ -14,17 +14,17 @@ org.hamcrest - hamcrest-core + hamcrest test - org.hamcrest - hamcrest-library + junit + junit test - junit - junit + org.junit.vintage + junit-vintage-engine test @@ -34,8 +34,13 @@ slf4j-api - ch.qos.logback - logback-classic + org.apache.logging.log4j + log4j-core + true + + + org.apache.logging.log4j + log4j-slf4j2-impl true @@ -43,30 +48,30 @@ org.apache.commons commons-lang3 - ${apacheCommonsLangVersion} + ${commons-lang3.version} org.apache.santuario xmlsec - 3.0.2 + ${xmlsec.version} commons-codec commons-codec - 1.16.0 + ${commons-codec.version} com.azure azure-security-keyvault-keys - 4.7.0 + ${azure-keyvault.version} true com.azure azure-identity - 1.10.1 + ${azure-identity.version} true @@ -76,7 +81,6 @@ org.jacoco jacoco-maven-plugin - 0.8.10 jacoco.agent.argLine @@ -92,7 +96,6 @@ org.apache.maven.plugins maven-jar-plugin - 3.2.0 @@ -104,7 +107,6 @@ org.apache.maven.plugins maven-surefire-plugin - 2.22.2 ${project.build.sourceEncoding} ${project.build.sourceEncoding} @@ -115,7 +117,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 1.4.1 + ${maven-enforcer-plugin.version} enforce @@ -134,9 +136,4 @@ - diff --git a/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java b/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java index da0974df..03cf3d9d 100644 --- a/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java @@ -634,7 +634,7 @@ public void testGetNameIdDataWrongKey() throws Exception { String keyString = Util.getFileAsString("data/misc/sp3.key"); expectedEx.expect(Exception.class); - expectedEx.expectMessage("algid parse error, not a sequence"); + expectedEx.expectMessage("Unable to decode key"); Util.loadPrivateKey(keyString); } diff --git a/pom.xml b/pom.xml index e2e39801..dff7c342 100644 --- a/pom.xml +++ b/pom.xml @@ -1,66 +1,120 @@ 4.0.0 - com.onelogin + com.generiscorp java-saml-toolkit - 2.9.1-SNAPSHOT + 3.0.3-SNAPSHOT pom java-saml Toolkit Project - A Java SAML toolkit - https://github.com/saml-toolkit/java-saml + A Java SAML toolkit - maintained fork of SAML-Toolkits/java-saml + https://github.com/generiscorp/java-saml UTF-8 - UTF-8 - 1.7.36 - 4.13.2 - 1.2.12 - 3.13.0 + UTF-8 + + + + 2.0.17 + + 2.25.3 + + 3.20.0 + + 4.0.4 + + 1.21.0 + + 4.10.2 + + 1.18.2 + + + + 5.11.4 + + 5.21.0 + + 3.0 + + + + 3.15.0 + + 3.5.4 + + 3.6.2 + + 3.5.0 + + 3.3.1 + + 3.4.0 + + 3.12.0 + + 3.2.8 + + 0.8.14 + + 12.2.0 + + 2.20.1 core toolkit - samples - + + + org.junit + junit-bom + ${junit.version} + pom + import + + + junit junit - ${junitVersion} + 4.13.2 test org.mockito mockito-core - 3.12.4 - test - - - org.hamcrest - hamcrest-core - 2.2 + ${mockito.version} test org.hamcrest - hamcrest-library - 2.2 + hamcrest + ${hamcrest.version} test + org.slf4j slf4j-api - ${slf4jVersion} + ${slf4j.version} + + + + org.apache.logging.log4j + log4j-core + ${log4j2.version} + true - ch.qos.logback - logback-classic - ${logbackVersion} + org.apache.logging.log4j + log4j-slf4j2-impl + ${log4j2.version} true @@ -71,7 +125,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.0.0 + ${maven-enforcer-plugin.version} enforce-versions @@ -82,10 +136,9 @@ true - 3.2.5 + 3.6.3 - [1.8,) @@ -96,7 +149,7 @@ org.owasp dependency-check-maven - 8.4.0 + ${dependency-check-maven.version} 7 @@ -112,21 +165,67 @@ + + + + org.codehaus.mojo + versions-maven-plugin + ${versions-maven-plugin.version} + + false + + + + regex + (.+-SNAPSHOT|.+-M\d) + + + regex + .+-(alpha|beta|rc|RC).* + + + + + + + check-updates + validate + + display-dependency-updates + + + + maven-compiler-plugin - 3.8.1 + ${maven-compiler-plugin.version} 1.8 1.8 + + org.apache.maven.plugins + maven-surefire-plugin + ${maven-surefire-plugin.version} + + + org.jacoco + jacoco-maven-plugin + ${jacoco-maven-plugin.version} + + + org.apache.maven.plugins + maven-jar-plugin + ${maven-jar-plugin.version} + org.apache.maven.plugins maven-release-plugin - 2.5.3 + ${maven-release-plugin.version} true false @@ -140,23 +239,10 @@ - - - sonatype-nexus-staging - Nexus Release Repository - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - sonatype-nexus-snapshots - Sonatype Nexus Snapshots - https://oss.sonatype.org/content/repositories/snapshots/ - - - - scm:git:git@github.com:saml-toolkit/java-saml.git - scm:git:git@github.com:saml-toolkit/java-saml.git - https://github.com/saml-toolkit/java-saml + scm:git:git@github.com:generiscorp/java-saml.git + scm:git:git@github.com:generiscorp/java-saml.git + https://github.com/generiscorp/java-saml HEAD @@ -174,6 +260,11 @@ https://github.com/pitbulk SAML Toolkit + + Generis Enterprise Technology + https://github.com/generiscorp + Generis + @@ -184,7 +275,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.1 + ${maven-source-plugin.version} attach-sources @@ -197,7 +288,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.3.1 + ${maven-javadoc-plugin.version} attach-javadocs @@ -213,7 +304,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.0.1 + ${maven-gpg-plugin.version} sign-artifacts diff --git a/samples/java-saml-tookit-jspsample/.gitignore b/samples/java-saml-tookit-jspsample/.gitignore deleted file mode 100644 index b83d2226..00000000 --- a/samples/java-saml-tookit-jspsample/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/target/ diff --git a/samples/java-saml-tookit-jspsample/pom.xml b/samples/java-saml-tookit-jspsample/pom.xml deleted file mode 100644 index d960d4f7..00000000 --- a/samples/java-saml-tookit-jspsample/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - 4.0.0 - - com.onelogin - java-saml-tookit-samples - 2.9.1-SNAPSHOT - - - java-saml-tookit-jspsample - war - java-saml Toolkit Sample Webapp - - - - com.onelogin - java-saml - ${project.version} - - - javax.servlet - javax.servlet-api - 4.0.1 - provided - - - - diff --git a/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties b/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties deleted file mode 100644 index e7249704..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/resources/onelogin.saml.properties +++ /dev/null @@ -1,171 +0,0 @@ -# If 'strict' is True, then the Java Toolkit will reject unsigned -# or unencrypted messages if it expects them signed or encrypted -# Also will reject the messages if not strictly follow the SAML -onelogin.saml2.strict = true - -# Enable debug mode (to print errors) -onelogin.saml2.debug = false - - -# Service Provider Data that we are deploying -# - -# Identifier of the SP entity (must be a URI) -onelogin.saml2.sp.entityid = http://localhost:8080/java-saml-tookit-jspsample/metadata.jsp - -# Specifies info about where and how the message MUST be -# returned to the requester, in this case our SP. -# URL Location where the from the IdP will be returned -onelogin.saml2.sp.assertion_consumer_service.url = http://localhost:8080/java-saml-tookit-jspsample/acs.jsp - -# SAML protocol binding to be used when returning the -# message. SAMLToolkit supports for this endpoint the -# HTTP-POST binding only -onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST - -# Specifies info about where and how the message MUST be -# returned to the requester, in this case our SP. -onelogin.saml2.sp.single_logout_service.url = http://localhost:8080/java-saml-tookit-jspsample/sls.jsp - -# SAML protocol binding to be used when returning the or sending the -# message. SAMLToolkit supports for this endpoint the -# HTTP-Redirect binding only -onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect - -# Specifies constraints on the name identifier to be used to -# represent the requested subject. -# Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported -onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - -# Usually x509cert and privateKey of the SP are provided by files placed at -# the certs folder. But we can also provide them with the following parameters - -onelogin.saml2.sp.x509cert = - -# Requires Format PKCS#8 BEGIN PRIVATE KEY -# If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem -onelogin.saml2.sp.privatekey = - -# Identity Provider Data that we want connect with our SP -# - -# Identifier of the IdP entity (must be a URI) -onelogin.saml2.idp.entityid = - -# SSO endpoint info of the IdP. (Authentication Request protocol) -# URL Target of the IdP where the SP will send the Authentication Request Message -onelogin.saml2.idp.single_sign_on_service.url = - -# SAML protocol binding to be used to deliver the message -# to the IdP. SAMLToolkit supports for this endpoint the -# HTTP-Redirect binding only -onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect - -# SLO endpoint info of the IdP. -# URL Location of the IdP where the SP will send the SLO Request -onelogin.saml2.idp.single_logout_service.url = - -# Optional SLO Response endpoint info of the IdP. -# URL Location of the IdP where the SP will send the SLO Response. If left blank, same URL as onelogin.saml2.idp.single_logout_service.url will be used. -# Some IdPs use a separate URL for sending a logout request and response, use this property to set the separate response url -onelogin.saml2.idp.single_logout_service.response.url = - -# SAML protocol binding to be used when returning the -# message. SAMLToolkit supports for this endpoint the -# HTTP-Redirect binding only -onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect - -# Public x509 certificate of the IdP -onelogin.saml2.idp.x509cert = - -# Instead of use the whole x509cert you can use a fingerprint -# (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, -# or add for example the -sha256 , -sha384 or -sha512 parameter) -# -# If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to -# let the toolkit know which Algorithm was used. Possible values: sha1, sha256, sha384 or sha512 -# 'sha1' is the default value. -# onelogin.saml2.idp.certfingerprint = -# onelogin.saml2.idp.certfingerprint_algorithm = sha256 - - -# Security settings -# - -# Indicates that the nameID of the sent by this SP -# will be encrypted. -onelogin.saml2.security.nameid_encrypted = false - -# Indicates whether the messages sent by this SP -# will be signed. [The Metadata of the SP will offer this info] -onelogin.saml2.security.authnrequest_signed = false - -# Indicates whether the messages sent by this SP -# will be signed. -onelogin.saml2.security.logoutrequest_signed = false - -# Indicates whether the messages sent by this SP -# will be signed. -onelogin.saml2.security.logoutresponse_signed = false - -# Indicates a requirement for the , and -# elements received by this SP to be signed. -onelogin.saml2.security.want_messages_signed = false - -# Indicates a requirement for the elements received by this SP to be signed. -onelogin.saml2.security.want_assertions_signed = false - -# Indicates a requirement for the Metadata of this SP to be signed. -# Right now supported null (in order to not sign) or true (sign using SP private key) -onelogin.saml2.security.sign_metadata = - -# Indicates a requirement for the Assertions received by this SP to be encrypted -onelogin.saml2.security.want_assertions_encrypted = false - -# Indicates a requirement for the NameID received by this SP to be encrypted -onelogin.saml2.security.want_nameid_encrypted = false - -# Authentication context. -# Set Empty and no AuthContext will be sent in the AuthNRequest -# You can set multiple values (comma separated them) -onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password - -# Allows the authn comparison parameter to be set, defaults to 'exact' -onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison = exact - -# Allows duplicated names in the attribute statement -onelogin.saml2.security.allow_duplicated_attribute_name = false - -# Indicates if the SP will validate all received xmls. -# (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). -onelogin.saml2.security.want_xml_validation = true - -# Algorithm that the toolkit will use on signing process. Options: -# 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' -# 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' -# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' -# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' -# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' -onelogin.saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 - -# Algorithm that the toolkit will use on digest process. Options: -# 'http://www.w3.org/2000/09/xmldsig#sha1' -# 'http://www.w3.org/2001/04/xmlenc#sha256' -# 'http://www.w3.org/2001/04/xmldsig-more#sha384' -# 'http://www.w3.org/2001/04/xmlenc#sha512' -onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256 - -# Reject Signatures with deprecated algorithms (sha1) -onelogin.saml2.security.reject_deprecated_alg = true - -# Organization -onelogin.saml2.organization.name = SP Java -onelogin.saml2.organization.displayname = SP Java Example -onelogin.saml2.organization.url = http://sp.example.com -onelogin.saml2.organization.lang = - -# Contacts -onelogin.saml2.contacts.technical.given_name = Technical Guy -onelogin.saml2.contacts.technical.email_address = technical@example.com -onelogin.saml2.contacts.support.given_name = Support Guy -onelogin.saml2.contacts.support.email_address = support@@example.com diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/WEB-INF/web.xml b/samples/java-saml-tookit-jspsample/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index c1ea7955..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/WEB-INF/web.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - \ No newline at end of file diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp deleted file mode 100644 index 9c8ff2e0..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/acs.jsp +++ /dev/null @@ -1,114 +0,0 @@ -<%@page import="com.onelogin.saml2.Auth"%> -<%@page import="com.onelogin.saml2.servlet.ServletUtils"%> -<%@page import="java.util.Collection"%> -<%@page import="java.util.List"%> -<%@page import="java.util.Map"%> -<%@page import="org.apache.commons.lang3.StringUtils" %> -<%@ page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - - A Java SAML Toolkit - - - - - - - -
-

A Java SAML Toolkit

- - - - <% - Auth auth = new Auth(request, response); - auth.processResponse(); - - if (!auth.isAuthenticated()) { - out.println("
Not authenticated
"); - } - - List errors = auth.getErrors(); - - if (!errors.isEmpty()) { - out.println("

" + StringUtils.join(errors, ", ") + "

"); - if (auth.isDebugActive()) { - String errorReason = auth.getLastErrorReason(); - if (errorReason != null && !errorReason.isEmpty()) { - out.println("

" + auth.getLastErrorReason() + "

"); - } - } - out.println("Login"); - } else { - Map> attributes = auth.getAttributes(); - String nameId = auth.getNameId(); - String nameIdFormat = auth.getNameIdFormat(); - String sessionIndex = auth.getSessionIndex(); - String nameidNameQualifier = auth.getNameIdNameQualifier(); - String nameidSPNameQualifier = auth.getNameIdSPNameQualifier(); - - session.setAttribute("attributes", attributes); - session.setAttribute("nameId", nameId); - session.setAttribute("nameIdFormat", nameIdFormat); - session.setAttribute("sessionIndex", sessionIndex); - session.setAttribute("nameidNameQualifier", nameidNameQualifier); - session.setAttribute("nameidSPNameQualifier", nameidSPNameQualifier); - - - String relayState = request.getParameter("RelayState"); - - if (relayState != null && !relayState.isEmpty() && !relayState.equals(ServletUtils.getSelfRoutedURLNoQuery(request)) && - !relayState.contains("/dologin.jsp")) { // We don't want to be redirected to login.jsp neither - response.sendRedirect(request.getParameter("RelayState")); - } else { - - - if (attributes.isEmpty()) { - %> - - <% - } - else { - %> - - - - - - - - - <% - Collection keys = attributes.keySet(); - for(String name :keys){ - out.println(""); - } - %> - -
NameValues
" + name + ""); - List values = attributes.get(name); - for(String value :values) { - out.println("
  • " + value + "
    • "); - } - - out.println("
    - <% - } - %> - See user data stored at session - Logout - <% - } - } - %> -
    - - diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp deleted file mode 100644 index 65c4aced..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/attrs.jsp +++ /dev/null @@ -1,92 +0,0 @@ -<%@page import="com.onelogin.saml2.Auth"%> -<%@page import="java.util.Collection"%> -<%@page import="java.util.Enumeration"%> -<%@page import="java.util.HashMap"%> -<%@page import="java.util.List"%> -<%@page import="java.util.Map"%> -<%@page import="org.apache.commons.lang3.StringUtils" %> -<%@ page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - - A Java SAML Toolkit - - - - - - - -
    -

    A Java SAML Toolkit

    - <% - Boolean found = false; - @SuppressWarnings("unchecked") - Enumeration elems = (Enumeration) session.getAttributeNames(); - - while (elems.hasMoreElements() && !found) { - String value = (String) elems.nextElement(); - if (value.equals("attributes") || value.equals("nameId")) { - found = true; - } - } - - if (found) { - String nameId = (String) session.getAttribute("nameId"); - @SuppressWarnings("unchecked") - Map> attributes = (Map>) session.getAttribute("attributes"); - - if (!nameId.isEmpty()) { - out.println("
    NameId: " + nameId + "
    "); - } - - if (attributes.isEmpty()) { - %> - - <% - } - else { - %> -
    Attributes:
    - - - - - - - - - <% - Collection keys = attributes.keySet(); - for(String name :keys){ - out.println(""); - } - %> - -
    NameValues
    " + name + ""); - List values = attributes.get(name); - for(String value :values) { - out.println("
  • " + value + "
    • "); - } - - out.println("
    - <% - } - - out.println("Logout"); - } else { - out.println("
    Not authenticated
    "); - out.println("Login"); - } - %> -
    - - - diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/dologin.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/dologin.jsp deleted file mode 100644 index 1c2f1f20..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/dologin.jsp +++ /dev/null @@ -1,18 +0,0 @@ -<%@page import="com.onelogin.saml2.Auth"%> -<%@page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - <% - Auth auth = new Auth(request, response); - if (request.getParameter("attrs") == null) { - auth.login(); - } else { - auth.login(request.getContextPath() + "/attrs.jsp"); - } - %> - - diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/dologout.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/dologout.jsp deleted file mode 100644 index dc1b9807..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/dologout.jsp +++ /dev/null @@ -1,35 +0,0 @@ -<%@page import="com.onelogin.saml2.Auth"%> -<%@ page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - <% - Auth auth = new Auth(request, response); - - String nameId = null; - if (session.getAttribute("nameId") != null) { - nameId = session.getAttribute("nameId").toString(); - } - String nameIdFormat = null; - if (session.getAttribute("nameIdFormat") != null) { - nameIdFormat = session.getAttribute("nameIdFormat").toString(); - } - String nameidNameQualifier = null; - if (session.getAttribute("nameidNameQualifier") != null) { - nameidNameQualifier = session.getAttribute("nameidNameQualifier").toString(); - } - String nameidSPNameQualifier = null; - if (session.getAttribute("nameidSPNameQualifier") != null) { - nameidSPNameQualifier = session.getAttribute("nameidSPNameQualifier").toString(); - } - String sessionIndex = null; - if (session.getAttribute("sessionIndex") != null) { - sessionIndex = session.getAttribute("sessionIndex").toString(); - } - auth.logout(null, nameId, sessionIndex, nameIdFormat, nameidNameQualifier, nameidSPNameQualifier); - %> - - diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp deleted file mode 100644 index 9483fb2d..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/index.jsp +++ /dev/null @@ -1,26 +0,0 @@ -<%@ page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - - A Java SAML Toolkit - - - - - - - -
    -

    A Java SAML Toolkit

    - Login - Login and access to attrs.jsp page -
    - - diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/metadata.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/metadata.jsp deleted file mode 100644 index 1b2388e0..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/metadata.jsp +++ /dev/null @@ -1,16 +0,0 @@ -<%@page import="java.util.*,com.onelogin.saml2.Auth,com.onelogin.saml2.settings.Saml2Settings" language="java" contentType="application/xhtml+xml"%><% -Auth auth = new Auth(); -Saml2Settings settings = auth.getSettings(); -settings.setSPValidationOnly(true); -List errors = settings.checkSettings(); - -if (errors.isEmpty()) { - String metadata = settings.getSPMetadata(); - out.println(metadata); -} else { - response.setContentType("text/html; charset=UTF-8"); - - for (String error : errors) { - out.println("

    "+error+"

    "); - } -}%> diff --git a/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp b/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp deleted file mode 100644 index 83f2ad7d..00000000 --- a/samples/java-saml-tookit-jspsample/src/main/webapp/sls.jsp +++ /dev/null @@ -1,47 +0,0 @@ -<%@page import="com.onelogin.saml2.Auth"%> -<%@page import="java.util.Collection"%> -<%@page import="java.util.HashMap"%> -<%@page import="java.util.List"%> -<%@page import="java.util.Map"%> -<%@ page language="java" contentType="text/html; charset=UTF-8" - pageEncoding="UTF-8"%> - - - - - - - A Java SAML Toolkit - - - - - - - -
    -

    A Java SAML Toolkit

    - Logout - <% - Auth auth = new Auth(request, response); - auth.processSLO(); - - List errors = auth.getErrors(); - - if (errors.isEmpty()) { - out.println("

    Sucessfully logged out

    "); - out.println("Login"); - } else { - out.println("

    "); - for(String error : errors) { - out.println(" " + error + "."); - } - out.println("

    "); - } - %> -
    - - diff --git a/samples/pom.xml b/samples/pom.xml deleted file mode 100644 index 36ab644b..00000000 --- a/samples/pom.xml +++ /dev/null @@ -1,17 +0,0 @@ - - 4.0.0 - - com.onelogin - java-saml-toolkit - 2.9.1-SNAPSHOT - - - java-saml-tookit-samples - java-saml Toolkit Samples - pom - - - java-saml-tookit-jspsample - - - diff --git a/toolkit/pom.xml b/toolkit/pom.xml index 69d723b1..b56f9837 100644 --- a/toolkit/pom.xml +++ b/toolkit/pom.xml @@ -1,9 +1,9 @@ 4.0.0 - com.onelogin + com.generiscorp java-saml-toolkit - 2.9.1-SNAPSHOT + 3.0.3-SNAPSHOT jar @@ -12,14 +12,14 @@ - com.onelogin + com.generiscorp java-saml-core ${project.version} - com.onelogin + com.generiscorp java-saml-core ${project.version} test-jar @@ -27,17 +27,17 @@ org.hamcrest - hamcrest-core + hamcrest test - org.hamcrest - hamcrest-library + junit + junit test - junit - junit + org.junit.vintage + junit-vintage-engine test @@ -52,8 +52,13 @@ slf4j-api - ch.qos.logback - logback-classic + org.apache.logging.log4j + log4j-core + true + + + org.apache.logging.log4j + log4j-slf4j2-impl true @@ -69,17 +74,17 @@ org.apache.commons commons-lang3 - ${apacheCommonsLangVersion} + ${commons-lang3.version} org.apache.santuario xmlsec - 3.0.2 + ${xmlsec.version} commons-codec commons-codec - 1.16.0 + ${commons-codec.version} @@ -88,7 +93,6 @@ org.jacoco jacoco-maven-plugin - 0.8.10 jacoco.agent.argLine @@ -104,7 +108,6 @@ org.apache.maven.plugins maven-surefire-plugin - 2.22.2 ${project.build.sourceEncoding} ${project.build.sourceEncoding} @@ -114,9 +117,4 @@ - diff --git a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java index 53c82ef5..175ea76b 100644 --- a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java +++ b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java @@ -13,7 +13,7 @@ import static org.junit.Assert.assertSame; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; -import static org.mockito.Matchers.matches; +import static org.mockito.ArgumentMatchers.matches; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; From 7d2d728f792a3d6a3c25d6f4a60e0475b0f41d8c Mon Sep 17 00:00:00 2001 From: Mariusz Pala Date: Sun, 8 Feb 2026 20:05:34 +0100 Subject: [PATCH 2/2] =?UTF-8?q?Upgrade=20azure-keyvault=204.10.2=E2=86=924?= =?UTF-8?q?.10.5,=20junit=205.11.4=E2=86=926.0.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index dff7c342..1c57d1be 100644 --- a/pom.xml +++ b/pom.xml @@ -25,13 +25,13 @@ 1.21.0 - 4.10.2 + 4.10.5 1.18.2 - 5.11.4 + 6.0.2 5.21.0