Date: Thu, 30 Nov 2017 11:05:45 +0000 From: Colm O hEigeartaigh <coheigea@...che.org> To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>, announce@...che.org, oss-security@...ts.openwall.com Cc: Apache Security Response Team <security@...che.org> Subject: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631 Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security advisory that is fixed in these releases: CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins. http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc Users who are using the Spring security plugins of Apache CXF Fediz should upgrade immediately to the latest releases. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.