cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject [ANNOUNCE] - New security advisories for Apache CXF
Date Wed, 30 Apr 2014 17:08:43 GMT
Four new security advisories have been disclosed for Apache CXF. They are:

 * CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM
errors
 * CVE-2014-0110: Large invalid content could cause temporary space to fill
 * CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML
Tokens as valid
 * CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric
EncryptBeforeSigning policy

Please see the security advisories page of Apache CXF for more information:

http://cxf.apache.org/security-advisories.html

Users are strongly encouraged to upgrade to the latest releases (2.6.14 and
2.7.11).

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message