Date: Wed, 4 Jul 2018 15:47:53 +0100 From: Colm O hEigeartaigh <coheigea@...che.org> To: users@....apache.org, CXF Dev List <dev@....apache.org>, announce@...che.org, oss-security@...ts.openwall.com, Apache Security Response Team <security@...che.org> Subject: Apache CXF Fediz 1.4.4 is released Apache CXF Fediz (http://cxf.apache.org/fediz) is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The Apache CXF Fediz team is pleased to announce the release of version 1.4.4, which is available for download here: http://cxf.apache.org/fediz-downloads.html This release contains a fix for a new security advisory: CVE-2018-8038: Apache CXF Fediz is vulnerable to DTD based XML attacks The advisory text is available at this location: http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc Please also refer to the CXF security advisories page: http://cxf.apache.org/security-advisories.html -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ