Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/04/30 19:08:43 UTC

[ANNOUNCE] - New security advisories for Apache CXF

Four new security advisories have been disclosed for Apache CXF. They are:

 * CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM
errors
 * CVE-2014-0110: Large invalid content could cause temporary space to fill
 * CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML
Tokens as valid
 * CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric
EncryptBeforeSigning policy

Please see the security advisories page of Apache CXF for more information:

http://cxf.apache.org/security-advisories.html

Users are strongly encouraged to upgrade to the latest releases (2.6.14 and
2.7.11).

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com