Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 2 Jul 2018 09:28:52 +0200
From: David Karlsen <davidkarlsen@...il.com>
To: dev@....apache.org, coheigea@...che.org
Cc: users@....apache.org, announce@...che.org, security@...che.org, 
	oss-security@...ts.openwall.com
Subject: Re: Apache CXF 3.2.6 and 3.1.16 are released

Should that read 3.2.5 instead of 3.2.6?

Den tor. 28. jun. 2018 kl. 16:57 skrev Colm O hEigeartaigh <
coheigea@...che.org>:

> Apache CXF™ is an open source services framework. CXF helps you build and
> develop services using frontend programming APIs, like JAX-WS and JAX-RS.
> These services can speak a variety of protocols such as SOAP, XML/HTTP,
> RESTful HTTP, or CORBA and work over a variety of transports such as HTTP,
> JMS or JBI.
>
> The Apache CXF team is proud to announce the release of versions 3.2.6 and
> 3.1.16. Over 50 JIRA issues were fixed for 3.2.5 and 25 JIRA items were
> resolved for 3.1.16.
>
> In addition, both of these releases contain a fix for a new security
> advisory:
>
> CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly
> with com.sun.net.ssl.
>
> The advisory text is available at this location:
>
> http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2
>
> Please also refer to the CXF security advisories page:
> http://cxf.apache.org/security-advisories.html
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>


-- 
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ