You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2015/01/19 16:50:44 UTC

New Apache Santuario security advisory CVE-2014-8152

A new security advisory for Apache Santuario has been issued -
CVE-2014-8152 - "Streaming XML Signature verification failure". It is a
critical advisory for anyone using the streaming XML Signature support
introduced in the 2.0.0 release. The DOM implementation is not affected.

This issue is fixed in the recently released version 2.0.3.

The security advisory is linked on the security advisories page of Apache
Santuario and also attached to this mail:
http://santuario.apache.org/secadv.html

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com