Date: Thu, 30 Nov 2017 11:05:45 +0000 From: Colm O hEigeartaigh <coheigea@...che.org> To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>, announce@...che.org, oss-security@...ts.openwall.com Cc: Apache Security Response Team <security@...che.org> Subject: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631 Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security advisory that is fixed in these releases: CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins. http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc Users who are using the Spring security plugins of Apache CXF Fediz should upgrade immediately to the latest releases. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ