From 4f30fb333e75e4e0b67fdc4eba833fe2b97d2f5a Mon Sep 17 00:00:00 2001
From: Julian Ladisch <julianladisch@users.noreply.github.com>
Date: Wed, 1 Nov 2023 21:43:53 +0100
Subject: [PATCH] CIRC-1954: Drools 7.74.1, xstream 1.4.20

Upgrade Drools from 7.73.0.Final to 7.74.1.Final. This indirectly upgrades
xstream from 1.4.19 to 1.4.20 fixing Denial of Service (DoS):

https://nvd.nist.gov/vuln/detail/CVE-2022-41966

Note that our last attempt to upgrade to Drools 8 failed:

https://github.com/folio-org/mod-circulation/pull/1214
https://issues.folio.org/browse/CIRC-1676
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1b112bd044..44c8ca42ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
 
   <properties>
     <antlr4.version>4.11.1</antlr4.version>
-    <drools.version>7.73.0.Final</drools.version>
+    <drools.version>7.74.1.Final</drools.version>
     <rmb.version>35.0.4</rmb.version>
     <vertx.version>4.3.5</vertx.version>
     <log4j2.version>2.19.0</log4j2.version>