[CVE][HIGH] CVE-2021-40690 Updating xmlsec library

[LightGuard]

Fixes a CVE in xmlsec.

There's a CVE in the version of xmlsec that we use, it was fixed in 2.2.3, but we're also using version 2.2.6 elsewhere in the codebase, so I figured it made sense to use the same version in both places.

[LightGuard]

  [INFO] -------------------------------------------------------------
  Error:  COMPILATION ERROR : 
  [INFO] -------------------------------------------------------------
  Error:  /home/runner/work/jbpm-work-items/jbpm-work-items/kiegroup_drools/kie-dmn/kie-dmn-feel-gwt/src/main/java/org/kie/dmn/feel/entrypoint/FEELEntryPoint.java:[19,48] cannot access org.jresearch.threetenbp.gwt.time.client.Support
    bad class file: /home/runner/.m2/repository/org/jresearch/gwt/time/org.jresearch.gwt.time/2.0.11/org.jresearch.gwt.time-2.0.11.jar(org/jresearch/threetenbp/gwt/time/client/Support.class)
      class file has wrong version 55.0, should be 52.0
      Please remove or make sure it appears in the correct subdirectory of the classpath.

This doesn't seem like it has anything to do with this PR.

[LightGuard]

jenkins do fdb

[baldimir]

jenkins run cdb

[baldimir]

jenkins run fdb

[LightGuard]

Bad classfile on a GWT class. Is this happening in other PRs?

[LightGuard]

Are we trying to get full green builds here?

[baldimir]

Does this happen also locally, when you build without your change, please?

[LightGuard]

I haven't seen it yet, but maybe I'm not running the commands/order as CI?

[LightGuard]

jenkins run cdb

[LightGuard]

Well, here's the failure:

[2025-02-06T23:02:53.378Z] [ERROR] Failed to execute goal org.wildfly.plugins:wildfly-jar-maven-plugin:6.1.2.Final:package (default) on project business-central-webapp: Provisioning failed: Failed to invoke config generator org.wildfly.galleon.plugin.config.generator.WfConfigGenerator: WFLYEMB0022: Cannot invoke 'start' on embedded process: WFLYSRV0126: Could not create server content directory: /home/jenkins/workspace/KIE/7.67.x-blue/compile/jbpm-work-items-7.67.x-blue.compile/bc/kiegroup_kie-wb-distributions/business-central-parent/business-monitoring-webapp/target/bootable-jar-build-artifacts/wildfly/standalone/data/content -> [Help 1]

But I don't see why it couldn't create the directory. Permissions? Space? Something else? Anyone have any ideas?

[LightGuard]

jenkins run cdb

[LightGuard]

jenkins run cdb

[LightGuard]

Latest one looks like kafka errors with the testcontainer. Are we seeing this elsewhere?

[LightGuard]

jenkins run cdb

[LightGuard]

jenkins run cdb

[LightGuard]

I think this is the error:

[2025-02-11T21:40:03.368Z] Caused by: java.nio.file.NoSuchFileException: /home/jenkins/workspace/KIE/7.67.x-blue/compile/jbpm-work-items-7.67.x-blue.compile/bc/kiegroup_kie-wb-distributions/business-central-parent/business-monitoring-webapp/target/bootable-jar-build-artifacts/wildfly/standalone/configuration/standalone.xml -> /home/jenkins/workspace/KIE/7.67.x-blue/compile/jbpm-work-items-7.67.x-blue.compile/bc/kiegroup_kie-wb-distributions/business-central-parent/business-monitoring-webapp/target/bootable-jar-build-artifacts/wildfly/standalone/configuration/standalone_xml_history/current/standalone.v24.xml

It continues down to v1. That doesn't seem like anything I have done in this PR.

[LightGuard]

jenkins run cdb