Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 2 Jul 2018 09:28:52 +0200
From: David Karlsen <davidkarlsen@...il.com>
To: dev@....apache.org, coheigea@...che.org
Cc: users@....apache.org, announce@...che.org, security@...che.org, 
	oss-security@...ts.openwall.com
Subject: Re: Apache CXF 3.2.6 and 3.1.16 are released

Should that read 3.2.5 instead of 3.2.6?

Den tor. 28. jun. 2018 kl. 16:57 skrev Colm O hEigeartaigh <
coheigea@...che.org>:

> Apache CXF™ is an open source services framework. CXF helps you build and
> develop services using frontend programming APIs, like JAX-WS and JAX-RS.
> These services can speak a variety of protocols such as SOAP, XML/HTTP,
> RESTful HTTP, or CORBA and work over a variety of transports such as HTTP,
> JMS or JBI.
>
> The Apache CXF team is proud to announce the release of versions 3.2.6 and
> 3.1.16. Over 50 JIRA issues were fixed for 3.2.5 and 25 JIRA items were
> resolved for 3.1.16.
>
> In addition, both of these releases contain a fix for a new security
> advisory:
>
> CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly
> with com.sun.net.ssl.
>
> The advisory text is available at this location:
>
> http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2
>
> Please also refer to the CXF security advisories page:
> http://cxf.apache.org/security-advisories.html
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>


-- 
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.