You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2018/07/04 14:56:46 UTC
svn commit: r1032097 - in /websites/production/cxf/content:
cache/main.pageCache fediz-downloads.html fediz-history.html
Author: buildbot
Date: Wed Jul 4 14:56:45 2018
New Revision: 1032097
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-downloads.html
websites/production/cxf/content/fediz-history.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-downloads.html
==============================================================================
--- websites/production/cxf/content/fediz-downloads.html (original)
+++ websites/production/cxf/content/fediz-downloads.html Wed Jul 4 14:56:45 2018
@@ -109,14 +109,14 @@ Apache CXF -- Fediz Downloads
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2 id="FedizDownloads-1.4.4">1.4.4</h2><p>The 1.4.4 release is our latest release. For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255">release notes</a>.</p><div class="table-wrap"><table class="wrapped confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/clos
er.lua?path=/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip">fediz-1.4.4-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip.sha1">fediz-1.4.4-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip.asc">fediz-1.4.4-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-1.3.3">1.3.3</h2><p>The 1.3.3 release is our latest release of the 1.3.x branch. It is the last planned release of 1.3.x - users are encourage to migrate to the latest 1.4.x release instead. For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/projects/FEDIZ/versions/12340453">release notes</a>.</p><div class="table-wrap"><table class=
"wrapped confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip">fediz-1.3.3-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip.sha1">fediz-1.3.3-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="re
ct" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip.asc">fediz-1.3.3-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading from a mirror please check the SHA1/MD5 checksums as well as verifying the OpenPGP compatible signature available from the main Apache site. The <a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys used for signing the release. It is recommended that a web of trust is used to confirm the identity of these keys.</p><p>You can check the OpenPGP signature with GnuPG via:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2 id="FedizDownloads-1.4.4">1.4.4</h2><p>The 1.4.4 release is our latest release. For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255">release notes</a>.</p><div class="table-wrap"><table class="wrapped confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/clos
er.lua?path=/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip">fediz-1.4.4-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip.sha1">fediz-1.4.4-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.4.4/fediz-1.4.4-source-release.zip.asc">fediz-1.4.4-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-1.3.3">1.3.3</h2><p>The 1.3.3 release is our latest release of the 1.3.x branch. It is the last planned release of 1.3.x - users are encourage to migrate to the latest 1.4.x release instead. For more information please see the <a shape="rect" class="external-link" href="https://issues.apache.org/jira/projects/FEDIZ/versions/12340453">release notes</a>.</p><div class="table-wrap"><table class=
"wrapped confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>SHA1</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip">fediz-1.3.3-source-release.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip.sha1">fediz-1.3.3-source-release.zip.sha1</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="re
ct" class="external-link" href="https://www.apache.org/dist/cxf/fediz/1.3.3/fediz-1.3.3-source-release.zip.asc">fediz-1.3.3-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2 id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When downloading from a mirror it is recommended to verify the integrity of the downloads. This should preferably be done by verifying the OpenPGP compatible signature available from the main Apache site. The <a shape="rect" class="external-link" href="https://www.apache.org/dist/cxf/KEYS">KEYS</a> file contains the public keys used for signing the release. It is recommended that a web of trust is used to confirm the identity of these keys.</p><p>You can check the OpenPGP signature with GnuPG via:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">gpg --import KEYS
gpg --verify apache-fediz-*.zip.asc
</pre>
-</div></div><p>You can check the SHA1 checksum with:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>It is also possible to verify the integrity of the downloads using the SHA1 checksum with:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">sha1sum --check apache-fediz-*.zip.sha1
</pre>
-</div></div><h1 id="FedizDownloads-Previousreleases">Previous releases</h1><p>Previous releases are all archived in the apache archive: <a shape="rect" class="external-link" href="http://archive.apache.org/dist/cxf/fediz">http://archive.apache.org/dist/cxf/fediz</a></p><h1 id="FedizDownloads-Snapshots">Snapshots</h1><div class="confluence-information-macro confluence-information-macro-information"><p class="title">Warning about snapshots</p><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>These are snapshot builds - untested builds provided for your convenience. They have not been tested, and are not official releases of the Apache CXF Fediz project or the Apache Software Foundation.</p></div></div><p>1.4.5 <a shape="rect" class="external-link" href="https://repository.apache.org/content/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.4.5-SNAPSHOT/">https://repository.apache.org/co
ntent/groups/snapshots/org/apache/cxf/fediz/apache-fediz/1.4.5-SNAPSHOT/</a></p><h1 id="FedizDownloads-Maven2Repositories">Maven 2 Repositories</h1><p>If you use Maven 2 for building your applications, Apache CXF Fediz artifacts are available from the following repository URLS:</p><h3 id="FedizDownloads-Releases:">Releases:</h3><p>All supported CXF releases are synced into the Maven central repository: <a shape="rect" class="external-link" href="http://repo1.maven.org/maven2/" rel="nofollow">http://repo1.maven.org/maven2/</a></p><h3 id="FedizDownloads-Snapshots:">Snapshots:</h3><p>Snapshots are available in Apache's Maven snapshot repository: <a shape="rect" class="external-link" href="http://repository.apache.org/snapshots">http://repository.apache.org/snapshots</a></p></div>
+</div></div><h1 id="FedizDownloads-Previousreleases">Previous releases</h1><p>Previous releases are all archived in the apache archive: <a shape="rect" class="external-link" href="http://archive.apache.org/dist/cxf/fediz">http://archive.apache.org/dist/cxf/fediz</a></p><h1 id="FedizDownloads-Maven2Repositories">Maven 2 Repositories</h1><p>If you use Maven for building your applications,  all supported Fediz releases are synced into the maven central repository: <a shape="rect" class="external-link" href="http://repo1.maven.org/maven2/" rel="nofollow">http://repo1.maven.org/maven2/</a></p><p><br clear="none"></p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/cxf/content/fediz-history.html
==============================================================================
--- websites/production/cxf/content/fediz-history.html (original)
+++ websites/production/cxf/content/fediz-history.html Wed Jul 4 14:56:45 2018
@@ -99,7 +99,7 @@ Apache CXF -- Fediz History
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><strong><strong><strong><strong>November 30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc">CVE-2017-12631</a>: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341612">1.4.3</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453">1.3.3</a>.</p><p><strong><strong>September 15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2 released</strong></strong></p><p>Apa
che CXF Fediz 1.4.2 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303">1.4.2</a>.</p><p><strong><strong>August 18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1 released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452">1.4.1</a>.</p><p><strong><strong>May 16, 2017 - Two new security advisories for Apache CXF Fediz are released</strong></strong></p><p>Two new security advisories have been released for issues that are fixed in the latest releases (1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2">CVE-2017-7661</a>: The Apache CXF Fedi
z Jetty and Spring plugins are vulnerable to CSRF attacks.</li><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2">CVE-2017-7662</a>: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks</li></ul><p><strong><strong>April 28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338680">1.4.0</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338091">1.3.2</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219">1.2.4</a>.</p><p><stron
g><strong><strong>September 8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><p>Please upgrade to the latest releases as soon as possible.</p><p><strong><strong>September 8, 2016 - Apache CXF Fediz 1.3.1 and 1.2.3 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.1 and 1.2.3 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480">1.3.1</a> <a shape="rect" class="external-link" href="https://issues.apa
che.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883">1.2.3</a></p><p><strong><strong>March 30, 2016 - Apache CXF Fediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF/Fediz+OIDC">Fediz OIDC</a>), support for bridging between the WS-Federation and OpenId Connect protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12329721">1.3.0</a></p><p><strong><strong>February 16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates to the Websphere plugin, a fix for some issues relating to caching SAML tokens, and
various other bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156">1.2.2</a></p><p><strong>August 28, 2015 - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p><strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3 released!</strong></p><p>Apache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues.</p><p>Apache CXF
Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051">1.2.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874">1.1.3</a></p><p><strong>April 28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz 1.2.0 has been released. It contains an update to use Apache CXF 3.0.4 as well as a host of new features (see below).</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12326043">1.2.0</a></p><p><strong>October 21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz 1.1.
2 has been released. It features an update to CXF 2.7.13, as well as support for an easy to use claim mapping support in the STS, kerberos authentication support in the IdP, as well as some minor bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12327120">1.1.2</a></p><p><strong>June 16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12325565">1.1.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.0.4</a></p><p><strong>November 9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz 1.1.0 has been released.</p><p>Release notes: <a shape="rec
t" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.1.0</a></p><p><strong>February 22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323485">1.0.3</a></p><p><strong>November 7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287">1.0.2</a></p><p><strong>August 28, 2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321857">1.0.1</a></p><p><strong>June 23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a shape="rect" class="external-l
ink" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243">1.0.0</a></p></div>
+<div id="ConfluenceContent"><p><strong><strong><strong><strong>June 29, 2018 - <strong><strong>Apache CXF Fediz 1.4.4</strong></strong> released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has been released. A new security advisory has been released for an issue that was fixed in this release:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc">CVE-2018-8038</a>: Apache CXF Fediz is vulnerable to DTD based XML attacks.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255">1.4.4</a>.</p><p><strong><strong><strong><strong>November 30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:</p><ul
><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc">CVE-2017-12631</a>: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341612">1.4.3</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453">1.3.3</a>.</p><p><strong><strong>September 15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2 released</strong></strong></p><p>Apache CXF Fediz 1.4.2 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303">1.4.2</a>.</p><p><strong><strong>August 18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1 released</strong></strong></p><p>Apache C
XF Fediz 1.4.1 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452">1.4.1</a>.</p><p><strong><strong>May 16, 2017 - Two new security advisories for Apache CXF Fediz are released</strong></strong></p><p>Two new security advisories have been released for issues that are fixed in the latest releases (1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2">CVE-2017-7661</a>: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.</li><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2">CVE-2017-7662</a>: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks</li></ul><p><strong><strong>Apr
il 28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338680">1.4.0</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338091">1.3.2</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219">1.2.4</a>.</p><p><strong><strong><strong>September 8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153
000&api=v2">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><p>Please upgrade to the latest releases as soon as possible.</p><p><strong><strong>September 8, 2016 - Apache CXF Fediz 1.3.1 and 1.2.3 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.1 and 1.2.3 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480">1.3.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883">1.2.3</a></p><p><strong><strong>March 30, 2016 - Apache CXF Fediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a shape="rect" href="https://cwiki
.apache.org/confluence/display/CXF/Fediz+OIDC">Fediz OIDC</a>), support for bridging between the WS-Federation and OpenId Connect protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12329721">1.3.0</a></p><p><strong><strong>February 16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates to the Websphere plugin, a fix for some issues relating to caching SAML tokens, and various other bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156">1.2.2</a></p><p><strong>August 28, 2015 - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz r
eleases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p><strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3 released!</strong></p><p>Apache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues.</p><p>Apache CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051"
>1.2.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874">1.1.3</a></p><p><strong>April 28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz 1.2.0 has been released. It contains an update to use Apache CXF 3.0.4 as well as a host of new features (see below).</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12326043">1.2.0</a></p><p><strong>October 21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz 1.1.2 has been released. It features an update to CXF 2.7.13, as well as support for an easy to use claim mapping support in the STS, kerberos authentication support in the IdP, as well as some minor bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&
;version=12327120">1.1.2</a></p><p><strong>June 16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12325565">1.1.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.0.4</a></p><p><strong>November 9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz 1.1.0 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.1.0</a></p><p><strong>February 22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=1231342
0&version=12323485">1.0.3</a></p><p><strong>November 7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287">1.0.2</a></p><p><strong>August 28, 2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321857">1.0.1</a></p><p><strong>June 23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243">1.0.0</a></p></div>
</div>
<!-- Content -->
</td>