From 8f9b489297476f630b3bdde9143c78f679f2d35f Mon Sep 17 00:00:00 2001
From: Christian Pape <Christian.Pape@informatik.hs-fulda.de>
Date: Thu, 26 Sep 2024 07:57:36 +0200
Subject: [PATCH] NMS-16515: Excluding vulnerable esapi version

---
 dependencies/spring-security/pom.xml | 19 +++++++++++++++++++
 pom.xml                              |  1 +
 2 files changed, 20 insertions(+)

diff --git a/dependencies/spring-security/pom.xml b/dependencies/spring-security/pom.xml
index 0a979edb8b80..a1ac25ff015d 100644
--- a/dependencies/spring-security/pom.xml
+++ b/dependencies/spring-security/pom.xml
@@ -98,6 +98,25 @@
           <groupId>org.apache.santuario</groupId>
           <artifactId>xmlsec</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.owasp.esapi</groupId>
+          <artifactId>esapi</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.owasp.esapi</groupId>
+      <artifactId>esapi</artifactId>
+      <version>${esapiVersion}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>xml-apis</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index 2f615e12c1bc..5724f858e7a1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1661,6 +1661,7 @@
     <eddsaVersion>0.3.0</eddsaVersion>
     <elasticsearchNettyVersion>4.1.69.Final</elasticsearchNettyVersion>
     <elasticsearchTargetVersion>7.6.2</elasticsearchTargetVersion>
+    <esapiVersion>2.3.0.0</esapiVersion>
     <felixBridgeVersion>4.0.12</felixBridgeVersion>
     <felixProxyVersion>3.0.6</felixProxyVersion>
     <fopVersion>2.9</fopVersion>