You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "Shaofeng SHI (JIRA)" <ji...@apache.org> on 2018/03/21 01:29:00 UTC

[jira] [Comment Edited] (KYLIN-3301) Upgrade opensaml

    [ https://issues.apache.org/jira/browse/KYLIN-3301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406454#comment-16406454 ] 

Shaofeng SHI edited comment on KYLIN-3301 at 3/21/18 1:28 AM:
--------------------------------------------------------------

According to the CVE ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1796),] need upgrade to 2.6.5 or above, now upgrade it to 2.6.6.


was (Author: shaofengshi):
There is no newer version for opensaml. Seems that project is not well maintained.

> Upgrade opensaml
> ----------------
>
>                 Key: KYLIN-3301
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3301
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Integration
>    Affects Versions: v2.2.0, v2.3.0
>            Reporter: Shaofeng SHI
>            Priority: Major
>
> opensaml 2.6.4 is reported with security issue (CVE-2015-1796), need upgrade.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)