You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/04/30 19:08:43 UTC
[ANNOUNCE] - New security advisories for Apache CXF
Four new security advisories have been disclosed for Apache CXF. They are:
* CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM
errors
* CVE-2014-0110: Large invalid content could cause temporary space to fill
* CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML
Tokens as valid
* CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric
EncryptBeforeSigning policy
Please see the security advisories page of Apache CXF for more information:
http://cxf.apache.org/security-advisories.html
Users are strongly encouraged to upgrade to the latest releases (2.6.14 and
2.7.11).
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com