You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Christopher (JIRA)" <ji...@apache.org> on 2019/02/21 17:24:00 UTC

[jira] [Created] (RAMPART-446) Rampart uses vulnerable version of WSS4J

Christopher created RAMPART-446:
-----------------------------------

             Summary: Rampart uses vulnerable version of WSS4J
                 Key: RAMPART-446
                 URL: https://issues.apache.org/jira/browse/RAMPART-446
             Project: Rampart
          Issue Type: Bug
    Affects Versions: 1.7.1
            Reporter: Christopher


Apache WSS4J has some security issues that have been known since 2015.  See [https://ws.apache.org/wss4j/security_advisories.html] Both are against any version of Apache WSS4J below version 1.6.17.  Looking at the pom.xml file for Apache Rampart on version 1.7.1, it appears that Rampart pulls down version 1.6.16, and hence is vulnerable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org