From 27060d63ca637e912e33c6660b89bc701522158d Mon Sep 17 00:00:00 2001
From: Bruno Oliveira da Silva <bruno@abstractj.com>
Date: Tue, 7 Feb 2023 10:54:02 -0300
Subject: [PATCH] CVE-2022-45047 - Deserialization of Untrusted Data
 vulnerability in org.apache.sshd:sshd-common

Backport of #16779
---
 pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pom.xml b/pom.xml
index 29597d457c5..1136b065920 100644
--- a/pom.xml
+++ b/pom.xml
@@ -122,6 +122,8 @@
         <okhttp.version>4.10.0</okhttp.version>
         <!-- Override of SnakeYAML to fix multiple CVEs -->
         <org.yaml.snakeyaml.version>1.33</org.yaml.snakeyaml.version>
+        <!-- Override sshd-common to fix CVE-2022-45047 -->
+        <org.apache.sshd.version>2.9.2</org.apache.sshd.version>
 
         <!-- Openshift -->
         <version.com.openshift.openshift-restclient-java>9.0.5.Final</version.com.openshift.openshift-restclient-java>
@@ -317,6 +319,11 @@
                 <artifactId>snakeyaml</artifactId>
                 <version>${org.yaml.snakeyaml.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.sshd</groupId>
+                <artifactId>sshd-common</artifactId>
+                <version>${org.apache.sshd.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.jboss</groupId>
                 <artifactId>jboss-dmr</artifactId>