Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/11/30 11:05:45 UTC

Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631

Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying
application server.

Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
advisory that is fixed in these releases:

CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.

http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc

Users who are using the Spring security plugins of Apache CXF Fediz should
upgrade immediately to the latest releases.

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631

Posted by sebb <se...@gmail.com>.
From the peanut gallery:

It seems to me that such emails should have links to the CXF website
and download page.

Also, most people reading the announce@ list will have no idea what
CXF is about.
Announce mails should include a brief summary of the project (as you
have done for Fediz).


On 30 November 2017 at 11:05, Colm O hEigeartaigh <co...@apache.org> wrote:
> Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
> applications and delegates security enforcement to the underlying
> application server.
>
> Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
> advisory that is fixed in these releases:
>
> CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.
>
> http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc
>
> Users who are using the Spring security plugins of Apache CXF Fediz should
> upgrade immediately to the latest releases.
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com