cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1241514 - in /cxf/web/content: cache/main.pageCache cve-2012-0803.html distributed-osgi-reference.html dosgi-releases.html security-advisories.html
Date Tue, 07 Feb 2012 16:40:44 GMT
Author: dkulp
Date: Tue Feb  7 16:40:43 2012
New Revision: 1241514

URL: http://svn.apache.org/viewvc?rev=1241514&view=rev
Log:
Modified: dosgi-releases.html
Modified: distributed-osgi-reference.html
Modified: security-advisories.html
Adding: cve-2012-0803.html

Added:
    cxf/web/content/cve-2012-0803.html   (with props)
Modified:
    cxf/web/content/cache/main.pageCache
    cxf/web/content/distributed-osgi-reference.html
    cxf/web/content/dosgi-releases.html
    cxf/web/content/security-advisories.html

Modified: cxf/web/content/cache/main.pageCache
URL: http://svn.apache.org/viewvc/cxf/web/content/cache/main.pageCache?rev=1241514&r1=1241513&r2=1241514&view=diff
==============================================================================
Binary files - no diff available.

Added: cxf/web/content/cve-2012-0803.html
URL: http://svn.apache.org/viewvc/cxf/web/content/cve-2012-0803.html?rev=1241514&view=auto
==============================================================================
--- cxf/web/content/cve-2012-0803.html (added)
+++ cxf/web/content/cve-2012-0803.html Tue Feb  7 16:40:43 2012
@@ -0,0 +1,228 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+  <head>
+    <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+    <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+    
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture,
web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support,
integration standards, application integration, middleware, software, solutions, services,
CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - CVE-2012-0803">
+    <title>
+Apache CXF -- CVE-2012-0803
+    </title>
+  </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <div style="padding: 5px;">
+        <div id="banner">
+          <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left"
colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight:
bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img
border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+          <!-- Banner -->
+        </div>
+      </div>
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="security-advisories.html">Security
Advisories</a>&nbsp;&gt;&nbsp;<a href="cve-2012-0803.html">CVE-2012-0803</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html" title="Download">Download</a>
| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheCXFIndex"></a><a
shape="rect" href="index.html" title="Index">Apache CXF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html"
title="Index">Home</a></li><li><a shape="rect" href="download.html"
title="Download">Download</a></li><li><a shape="rect" href="people.html"
title="People">People</a></li><li><a shape="rect" href="project-status.html"
title="Project Status">Project Status</a></li><li><a shape="rect"
href="roadmap.html" title="Roadmap">Roadmap</a></li><li><a shape="rect"
href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a
shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue
Reporting</a></li><li><a shape="rect" href="special-thanks.html" title="Special
Thanks">Special Thanks</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect"
href="security-advisories.html" title="Security Advisories">Security Advisories</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Users"></a>Users</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's
Guide</a></li><li><a shape="rect" href="support.html" title="Support">Support</a></li><li><a
shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect"
href="resources-and-articles.html" title="Resources and Articles">Resources and Articles</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+  <div>
+    <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a>Developers</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture
Guide</a></li><li><a shape="rect" href="source-repository.html" title="Source
Repository">Source Repository</a></li><li><a shape="rect" href="building.html"
title="Building">Building</a></li><li><a shape="rect" href="automated-builds.html"
title="Automated Builds">Automated Builds</a></li><li><a shape="rect"
href="testing-debugging.html" title="Testing-Debugging">Testing-Debugging</a></li><li><a
shape="rect" href="coding-guidelines.html" title="Coding Guidelines">Coding Guidelines</a></li><li><a
shape="rect" href="getting-involved.html" title="Getting Involved">Getting Involved</a></li><li><a
shape="rect" href="release-management.html" title="Release Management">Release Management</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Subprojects"></a>Subprojects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="distributed-osgi.html"
title="Distributed OSGi">Distributed OSGi</a></li><li><a shape="rect"
href="xjc-utils.html" title="XJC Utils">XJC Utils</a></li><li><a shape="rect"
href="build-utils.html" title="Build Utils">Build Utils</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a><a shape="rect" class="external-link"
href="http://www.apache.org">ASF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor
Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul>
+</div>
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"><p>----<del>BEGIN PGP SIGNED MESSAGE</del>----<br
clear="none">
+Hash: SHA1</p>
+
+
+<p>CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly</p>
+
+<p>Severity: Important</p>
+
+<p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache CXF 2.4.5 and 2.5.1</p>
+
+<p>Description: CXF does not validate a WS-Security UsernameToken received as part<br
clear="none">
+of the security header of a SOAP request against a WS-SP UsernameToken policy.</p>
+
+<p>A malicious client could send a request to the endpoint with no UsernameToken,<br
clear="none">
+and the UsernameToken policy requirement would still be marked as valid.</p>
+
+<p>This has been fixed in revision:</p>
+
+<p><a shape="rect" class="external-link" href="http://svn.apache.org/viewvc?view=revision&amp;revision=1233457">http://svn.apache.org/viewvc?view=revision&amp;revision=1233457</a></p>
+
+<p>This issue was a regression in CXF 2.4.5 and 2.5.1. The vulnerability does not<br
clear="none">
+exist in CXF 2.4.4 and 2.5.0.</p>
+
+<p>Migration:</p>
+
+<p>CXF 2.4.5 users should upgrade to 2.4.6 as soon as possible.<br clear="none">
+CXF 2.5.1 users should upgrade to 2.5.2 as soon as possible.</p>
+
+<p>References: <a shape="rect" href="http://cxf.apache.org/security-advisories.html">http://cxf.apache.org/security-advisories.html</a></p>
+
+<p>----<del>BEGIN PGP SIGNATURE</del>----<br clear="none">
+Version: GnuPG v1.4.11 (GNU/Linux)</p>
+
+<p>iQEcBAEBAgAGBQJPMAVXAAoJEGe/gLEK1TmD6y0H/2aP3A02qoFKeV0oYj7y8BCv<br clear="none">
+yPymkAilG6RLZK3kafZREnQ2jY/lCT0xXNP5n+0TYEu56WuS5tGzAeWpQc1TFmbi<br clear="none">
+Uq0YTv5RM3TZZ8lzThid+ean1qBU9LuIziQqKWP0QRpw+UipUHq68jTGkAOMePId<br clear="none">
+IbXnyogUy0si3jpI7BCnMsDOR8fGx9+t35D5jfcVf4aH+jFP1W4DhjeFbDhMlvSF<br clear="none">
+8Z4Pphvd7yi6x469dx0e46cGLaGi/BYyG3C2IrMOAmUXBcYB3g3skZN1nrY1t90n<br clear="none">
+IB12w03xishiAZVNs9FsfR3lAa84zX8z7+hrqb8Rlra1evhJBXQ/L583bmMmxKc=<br clear="none">
+=iU+M<br clear="none">
+----<del>END PGP SIGNATURE</del>----</p></div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a>
- 
+         (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27837584">edit
page</a>) 
+	 (<a href="https://cwiki.apache.org/confluence/display/CXF/CVE-2012-0803?showComments=true&amp;showCommentArea=true#addcomment">add
comment</a>)<br>
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective
owners.
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+

Propchange: cxf/web/content/cve-2012-0803.html
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/web/content/cve-2012-0803.html
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/web/content/cve-2012-0803.html
------------------------------------------------------------------------------
    svn:mime-type = text/html

Modified: cxf/web/content/distributed-osgi-reference.html
URL: http://svn.apache.org/viewvc/cxf/web/content/distributed-osgi-reference.html?rev=1241514&r1=1241513&r2=1241514&view=diff
==============================================================================
--- cxf/web/content/distributed-osgi-reference.html (original)
+++ cxf/web/content/distributed-osgi-reference.html Tue Feb  7 16:40:43 2012
@@ -174,7 +174,7 @@ property set to true and used to secure 
 <a shape="rect" class="external-link" href="http://wiki.ops4j.org/display/paxweb/Configuration"
rel="nofollow">http://wiki.ops4j.org/display/paxweb/Configuration</a>
 <p>, however other OSGi HTTP Service implementations are potentially configured differently.
</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.ws.frontend </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
<tt>jaxws</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> The CXF frontend which will be used to create endpoints. Defaults to 'simple' which
is an Aegis-based simple frontend. Note that for JAXWS to work a javax.jws.* has to be imported
into the interface and/or implementation and client bundles for annotations like @WebService
and @WebMethod be recognized</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.ws.databinding </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> <tt>jaxb</tt> </td><td colspan="1" rowspan="1"
class=
 "confluenceTd" nowrap> Supported values are 'aegis and 'jaxb', defaults to 'aegis'. Note
that for JAXB to work JAXB packages like javax.xml.bind.annotation.* have to be imported </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.wsdl.location </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> <tt>/wsdl/service.wsdl</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> WSDL location </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.wsdl.service.ns
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> {{
 <a shape="rect" class="external-link" href="http://services.org" rel="nofollow">http://services.org</a>
-<p>}} </p></td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
WSDL service namespace </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.ws.wsdl.service.name </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
<tt>SoapService</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> WSDL service name </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.ws.wsdl.port.name </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> <tt>SoapServicePort</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> WSDL port name </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.in.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List, Object </td><td colspan="1"
  rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> List of CXF in interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.out.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List, Object </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF out interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.in.fault.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List, Object </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF in fault interceptors
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
org.apache.cxf.ws.out.fault.interceptors </td><td colspan
 ="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out fault interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.features </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out features </td></tr></tbody></table>
+<p>}} </p></td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
WSDL service namespace </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.ws.wsdl.service.name </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
<tt>SoapService</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> WSDL service name </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.ws.wsdl.port.name </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> <tt>SoapServicePort</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> WSDL port name </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.in.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List </td><td colspan="1" rowspan
 ="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> List of CXF in interceptors </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.out.interceptors </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.in.fault.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF in fault interceptors
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
org.apache.cxf.ws.out.fault.interceptors </td><td colspan="1" rowspan="1" class="
 confluenceTd" nowrap> String, String[], List </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> List of CXF out fault interceptors </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.features </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out features </td></tr></tbody></table>
 </div>
 
 
@@ -189,7 +189,7 @@ property set to true and used to secure 
 <a shape="rect" class="external-link" href="http://localhost:9090/greeter" rel="nofollow">http://localhost:9090/greeter</a>
 <p>}} </p></td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
The address at which the service with be made available remotely. If this property is not
specified, this defaults to {{
 <a shape="rect" class="external-link" href="http://localhost:9000/fully/qualified/ClassName"
rel="nofollow">http://localhost:9000/fully/qualified/ClassName</a>
-<p>}}. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.rs.httpservice.context </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> <tt>/auction</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> When this property is specified, the OSGi HTTP Service which is used to expose
the service, rather than a dedicated Jetty HTTP Server. By default, absolute address may look
like 'http://localhost:8080/auction'  </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.rs.provider </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> Boolean </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> <tt>true/false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Can be used to identify a global JAXRS provider as CXF-compatible </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap
 > org.apache.cxf.rs.provider.expected </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Boolean </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
<tt>true/false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Can be used to require global providers to set an 'org.apache.cxf.rs.provider'
property with a value 'true'. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.rs.provider.globalquery </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> <tt>true/false</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> Can be used to disable queries for global providers,
defaults to 'true'. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.rs.databinding </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
  <tt>aegis</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> This property has a limited value for JAXRS services as JAXB is supported by default,
the only supported value is 'aegis' and it is a shortcut for registering an Aegis provider,
see below for more information on how to register custom providers for JAXRS services</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.ws.wadl.location </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> <tt>/wadl/service.wadl</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> WADL location </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.provider </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd
 " nowrap> List of JAX-RS providers </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.in.interceptors </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF in interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.out.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List, Object </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF out interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.in.fault.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List, Object </td><td colspan="1" rowspan="1" class
 ="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> List of CXF in fault interceptors </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.out.fault.interceptors </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out fault interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.features </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List, Object </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> List of CXF out features </td></tr></tbody></table>
+<p>}}. </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.rs.httpservice.context </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> <tt>/auction</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> When this property is specified, the OSGi HTTP Service which is used to expose
the service, rather than a dedicated Jetty HTTP Server. By default, absolute address may look
like 'http://localhost:8080/auction'  </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.rs.provider </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> Boolean </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> <tt>true/false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Can be used to identify a global JAXRS provider as CXF-compatible </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap
 > org.apache.cxf.rs.provider.expected </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Boolean </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
<tt>true/false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> Can be used to require global providers to set an 'org.apache.cxf.rs.provider'
property with a value 'true'. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.rs.provider.globalquery </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> Boolean </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> <tt>true/false</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> Can be used to disable queries for global providers,
defaults to 'true'. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.rs.databinding </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> String </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>
  <tt>aegis</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> This property has a limited value for JAXRS services as JAXB is supported by default,
the only supported value is 'aegis' and it is a shortcut for registering an Aegis provider,
see below for more information on how to register custom providers for JAXRS services</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.wadl.location </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> <tt>/wadl/service.wadl</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> WADL location </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.provider </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[], List </td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap
 > List of JAX-RS providers </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> org.apache.cxf.rs.in.interceptors </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String, String[], List </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> List of CXF in interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.out.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF out interceptors </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.in.fault.interceptors
</td><td colspan="1" rowspan="1" class="confluenceTd" nowrap> String, String[],
List </td><td colspan="1" rowspan="1" class="confluenceTd" nowrap>&#160;</t
 d><td colspan="1" rowspan="1" class="confluenceTd" nowrap> List of CXF in fault
interceptors </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> org.apache.cxf.rs.out.fault.interceptors </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> String, String[], List </td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"
nowrap> List of CXF out fault interceptors </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> org.apache.cxf.rs.features </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap> String, String[], List </td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap>&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap> List of CXF out features </td></tr></tbody></table>
 </div>
 
 

Modified: cxf/web/content/dosgi-releases.html
URL: http://svn.apache.org/viewvc/cxf/web/content/dosgi-releases.html?rev=1241514&r1=1241513&r2=1241514&view=diff
==============================================================================
--- cxf/web/content/dosgi-releases.html (original)
+++ cxf/web/content/dosgi-releases.html Tue Feb  7 16:40:43 2012
@@ -139,10 +139,10 @@ Apache CXF -- DOSGi Releases
 <div id="ConfluenceContent"><h2><a shape="rect" name="DOSGiReleases-Releases"></a>Releases</h2>
 
 <h3><a shape="rect" name="DOSGiReleases-CurrentRelease"></a>Current Release</h3>
-<p>1.2 is the current release of Distributed OSGi, as of July 25th 2010. For more information
on what's new in this release, please see the README in each distribution. The various distributions
can be downloaded as follows:</p>
+<p>1.3 is the current release of Distributed OSGi, as of February 6th 2012. For more
information on what's new in this release, please see the README and release notes in each
distribution. The various distributions can be downloaded as follows:</p>
 
 <div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">Description</th><th colspan="1" rowspan="1" class="confluenceTh">File</th><th
colspan="1" rowspan="1" class="confluenceTh">MD5</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Multi-bundle distribution (tar.gz)</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Multi-bundle distribution (zip)</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a
  shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip">cxf-dosgi-ri-multibundle-distribution-1.2.zip</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5">cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Single-bundle distribution</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar">cxf-dosgi-ri-singlebundle-distribution-1.2.jar</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5">cxf-dosgi-ri-singlebun
 dle-distribution-1.2.jar.md5</a></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap>Source distribution</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz">cxf-dosgi-ri-source-distribution-1.2.tar.gz</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5</a></td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">Description</th><th colspan="1" rowspan="1" class="confluenceTh">File</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Multi-bundle distribution (jar)</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3/cxf-dosgi-ri-multibundle-distribution-1.3.jar"
rel="nofollow">cxf-dosgi-ri-multibundle-distribution-1.3.jar</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Single-bundle distribution</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar"
rel="nofollow">cxf-dosgi-ri-singlebundle-d
 istribution-1.3.jar</a></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd" nowrap>Source distribution</td><td colspan="1" rowspan="1"
class="confluenceTd" nowrap><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.3/cxf-dosgi-ri-source-distribution-1.3.jar"
rel="nofollow">cxf-dosgi-ri-source-distribution-1.3.jar</a></td></tr></tbody></table>
 </div>
 
 
@@ -244,6 +244,15 @@ For the <b>Single Bundle Distribution</b
 </div></div>
 
 <h3><a shape="rect" name="DOSGiReleases-ArchivedReleases"></a>Archived
Releases</h3>
+
+<p>1.2 was released July 25th 2010.</p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">Description</th><th colspan="1" rowspan="1" class="confluenceTh">File</th><th
colspan="1" rowspan="1" class="confluenceTh">MD5</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Multi-bundle distribution (tar.gz)</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Multi-bundle distribution (zip)</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a
  shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip">cxf-dosgi-ri-multibundle-distribution-1.2.zip</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5">cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5</a></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd" nowrap>Single-bundle distribution</td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar">cxf-dosgi-ri-singlebundle-distribution-1.2.jar</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5">cxf-dosgi-ri-singlebun
 dle-distribution-1.2.jar.md5</a></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd" nowrap>Source distribution</td><td colspan="1"
rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz">cxf-dosgi-ri-source-distribution-1.2.tar.gz</a></td><td
colspan="1" rowspan="1" class="confluenceTd" nowrap><a shape="rect" class="external-link"
href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5</a></td></tr></tbody></table>
+</div>
+
+
+
 <p>1.1 was released Dec 1st, 2009.</p>
 
 <div class="table-wrap">

Modified: cxf/web/content/security-advisories.html
URL: http://svn.apache.org/viewvc/cxf/web/content/security-advisories.html?rev=1241514&r1=1241513&r2=1241514&view=diff
==============================================================================
--- cxf/web/content/security-advisories.html (original)
+++ cxf/web/content/security-advisories.html Tue Feb  7 16:40:43 2012
@@ -136,7 +136,7 @@ Apache CXF -- Security Advisories
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><ul><li><span class="error">[CVE-2012-0803]</span>
-</li><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a>
- DTD based XML attacks.<br clear="none">
+<div id="ConfluenceContent"><ul><li><a shape="rect" href="cve-2012-0803.html"
title="CVE-2012-0803">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken
policies correctly.</li><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a>
- DTD based XML attacks.<br clear="none">
 .</li></ul>
 </div>
            </div>



Mime
View raw message