You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Willem Jiang <wi...@gmail.com> on 2012/02/24 16:43:30 UTC
Question about wss4j feature
Hi,
As you know CXF 2.5.3-SNAPSHOT is moving to use WSS4j 1.6.5-SNAPSHOT
I'm trying to install the WSS4J feature of CXF-2.5.3-SNAPSHOT, and I get
the complain about packages of xmlsec cannot be resolved.
I compared the META-INF of the WSS4J 1.6.5-SNAPSHOT and WSS4j 1.6.4 and
found the imports package of xmlsec was changed from optional resolution
to [1.5, 2).
Is there any reason to introduce these changes in WSS4J?
If it is necessary, we need to update the feature file to add the new
version of xmlsec dependency accordingly.
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang
Re: Question about wss4j feature
Posted by Daniel Kulp <dk...@apache.org>.
On Friday, February 24, 2012 11:43:30 PM Willem Jiang wrote:
> Hi,
>
> As you know CXF 2.5.3-SNAPSHOT is moving to use WSS4j 1.6.5-SNAPSHOT
> I'm trying to install the WSS4J feature of CXF-2.5.3-SNAPSHOT, and I get
> the complain about packages of xmlsec cannot be resolved.
>
> I compared the META-INF of the WSS4J 1.6.5-SNAPSHOT and WSS4j 1.6.4 and
> found the imports package of xmlsec was changed from optional resolution
> to [1.5, 2).
>
> Is there any reason to introduce these changes in WSS4J?
Yes. 1.5 is needed to provide some new algorithms and such to provide
solutions for some potential vulnerabilities.
> If it is necessary, we need to update the feature file to add the new
> version of xmlsec dependency accordingly.
Version 1.5.1 of xmlsec was just released this morning:
http://s.apache.org/KJf
Once that hit's central, we should update to use it.
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com