axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (RAMPART-446) Rampart uses vulnerable version of WSS4J
Date Thu, 07 Mar 2019 23:19:00 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andreas Veithen resolved RAMPART-446.
-------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.7.2

> Rampart uses vulnerable version of WSS4J
> ----------------------------------------
>
>                 Key: RAMPART-446
>                 URL: https://issues.apache.org/jira/browse/RAMPART-446
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.7.1
>            Reporter: Christopher
>            Priority: Critical
>             Fix For: 1.7.2
>
>
> Apache WSS4J has some security issues that have been known since 2015.  See [https://ws.apache.org/wss4j/security_advisories.html] Both
are against any version of Apache WSS4J below version 1.6.17.  Looking at the pom.xml file
for Apache Rampart on version 1.7.1, it appears that Rampart pulls down version 1.6.16, and
hence is vulnerable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message