www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Apache CXF Fediz 1.4.4 is released
Date Wed, 04 Jul 2018 14:47:53 GMT
Apache CXF Fediz (http://cxf.apache.org/fediz) is a subproject of Apache
CXF. Fediz helps you to secure your web applications and delegates security
enforcement to the underlying application server. With Fediz,
authentication is externalized from your web application to an identity
provider installed as a dedicated server component.

The Apache CXF Fediz team is pleased to announce the release of version
1.4.4, which is available for download here:
http://cxf.apache.org/fediz-downloads.html

This release contains a fix for a new security advisory:

CVE-2018-8038: Apache CXF Fediz is vulnerable to DTD based XML attacks

The advisory text is available at this location:
http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc

Please also refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message