From 190a6d029319c6188089294b172ef1c872794750 Mon Sep 17 00:00:00 2001
From: Valera V Harseko <vharseko@3a-systems.ru>
Date: Wed, 6 Aug 2025 14:45:21 +0300
Subject: [PATCH] [#896] CVE-2022-34169 Apache Xalan Java XSLT library integer
 truncation issue when processing malicious XSLT stylesheets

---
 openam-federation/OpenFM/pom.xml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/openam-federation/OpenFM/pom.xml b/openam-federation/OpenFM/pom.xml
index f4345a4d9d..32f44e3a99 100644
--- a/openam-federation/OpenFM/pom.xml
+++ b/openam-federation/OpenFM/pom.xml
@@ -13,7 +13,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
- * Portions copyright 2017-2024 3A Systems, LLC
+ * Portions copyright 2017-2025 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -180,7 +180,12 @@
         <dependency>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
-            <version>2.7.2</version>
+            <version>2.7.3</version>
+        </dependency>
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>serializer</artifactId>
+            <version>2.7.3</version>
         </dependency>
     </dependencies>
 </project>