Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Nov 2017 11:05:45 +0000
From: Colm O hEigeartaigh <coheigea@...che.org>
To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>, announce@...che.org, 
	oss-security@...ts.openwall.com
Cc: Apache Security Response Team <security@...che.org>
Subject: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security
 advisory CVE-2017-12631

Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying
application server.

Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
advisory that is fixed in these releases:

CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.

http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc

Users who are using the Spring security plugins of Apache CXF Fediz should
upgrade immediately to the latest releases.

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ