Date: Mon, 2 Jul 2018 09:28:52 +0200 From: David Karlsen <davidkarlsen@...il.com> To: dev@....apache.org, coheigea@...che.org Cc: users@....apache.org, announce@...che.org, security@...che.org, oss-security@...ts.openwall.com Subject: Re: Apache CXF 3.2.6 and 3.1.16 are released Should that read 3.2.5 instead of 3.2.6? Den tor. 28. jun. 2018 kl. 16:57 skrev Colm O hEigeartaigh < coheigea@...che.org>: > Apache CXF™ is an open source services framework. CXF helps you build and > develop services using frontend programming APIs, like JAX-WS and JAX-RS. > These services can speak a variety of protocols such as SOAP, XML/HTTP, > RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, > JMS or JBI. > > The Apache CXF team is proud to announce the release of versions 3.2.6 and > 3.1.16. Over 50 JIRA issues were fixed for 3.2.5 and 25 JIRA items were > resolved for 3.1.16. > > In addition, both of these releases contain a fix for a new security > advisory: > > CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly > with com.sun.net.ssl. > > The advisory text is available at this location: > > http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2 > > Please also refer to the CXF security advisories page: > http://cxf.apache.org/security-advisories.html > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- -- David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ