Date: Tue, 18 Apr 2017 13:01:31 +0100 From: Colm O hEigeartaigh <coheigea@...che.org> To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org> Cc: Apache Security Response Team <security@...che.org>, bugtraq@...urityfocus.com, oss-security@...ts.openwall.com Subject: New security advisories for Apache CXF The Apache CXF project has released two new security advisories: a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted. b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens. More details, including the text of the security advisories, are available at: http://cxf.apache.org/security-advisories.html Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.