oss-sec mailing list archives
Apache CXF Fediz 1.4.4 is released
From: Colm O hEigeartaigh <coheigea () apache org>
Date: Wed, 4 Jul 2018 15:47:53 +0100
Apache CXF Fediz (http://cxf.apache.org/fediz) is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The Apache CXF Fediz team is pleased to announce the release of version 1.4.4, which is available for download here: http://cxf.apache.org/fediz-downloads.html This release contains a fix for a new security advisory: CVE-2018-8038: Apache CXF Fediz is vulnerable to DTD based XML attacks The advisory text is available at this location: http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc Please also refer to the CXF security advisories page: http://cxf.apache.org/security-advisories.html -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Current thread:
- Apache CXF Fediz 1.4.4 is released Colm O hEigeartaigh (Jul 04)