Date: Tue, 18 Apr 2017 13:01:31 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>
Cc: Apache Security Response Team <security@...che.org>, bugtraq@...urityfocus.com, oss-security@...ts.openwall.com
Subject: New security advisories for Apache CXF

The Apache CXF project has released two new security advisories:

a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not
validate that the service response was signed or encrypted.

b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching
tokens that are associated with delegation tokens.

More details, including the text of the security advisories, are available at:

http://cxf.apache.org/security-advisories.html

Colm.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com