Posted to dev@cxf.apache.org by sebb <se...@gmail.com> on 2017/12/01 09:07:47 UTC

Re: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631

From the peanut gallery:

It seems to me that such emails should have links to the CXF website
and download page.

Also, most people reading the announce@ list will have no idea what
CXF is about.
Announce mails should include a brief summary of the project (as you
have done for Fediz).


On 30 November 2017 at 11:05, Colm O hEigeartaigh <co...@apache.org> wrote:
> Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
> applications and delegates security enforcement to the underlying
> application server.
>
> Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
> advisory that is fixed in these releases:
>
> CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.
>
> http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc
>
> Users who are using the Spring security plugins of Apache CXF Fediz should
> upgrade immediately to the latest releases.
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com