oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

New security advisories for Apache CXF

From: Colm O hEigeartaigh <coheigea () apache org>
Date: Tue, 18 Apr 2017 13:01:31 +0100
The Apache CXF project has released two new security advisories:

a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not
validate that the service response was signed or encrypted.

b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching
tokens that are associated with delegation tokens.

More details, including the text of the security advisories, are available
at:

http://cxf.apache.org/security-advisories.html

Colm.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Previous By Date Next
Previous By Thread Next

Current thread: