You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Christopher (JIRA)" <ji...@apache.org> on 2019/02/21 17:24:00 UTC
[jira] [Created] (RAMPART-446) Rampart uses vulnerable version of
WSS4J
Christopher created RAMPART-446:
-----------------------------------
Summary: Rampart uses vulnerable version of WSS4J
Key: RAMPART-446
URL: https://issues.apache.org/jira/browse/RAMPART-446
Project: Rampart
Issue Type: Bug
Affects Versions: 1.7.1
Reporter: Christopher
Apache WSS4J has some security issues that have been known since 2015. See [https://ws.apache.org/wss4j/security_advisories.html] Both are against any version of Apache WSS4J below version 1.6.17. Looking at the pom.xml file for Apache Rampart on version 1.7.1, it appears that Rampart pulls down version 1.6.16, and hence is vulnerable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org