You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Andreas Veithen (JIRA)" <ji...@apache.org> on 2019/03/07 23:19:00 UTC
[jira] [Resolved] (RAMPART-446) Rampart uses vulnerable version of
WSS4J
[ https://issues.apache.org/jira/browse/RAMPART-446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen resolved RAMPART-446.
-------------------------------------
Resolution: Fixed
Fix Version/s: 1.7.2
> Rampart uses vulnerable version of WSS4J
> ----------------------------------------
>
> Key: RAMPART-446
> URL: https://issues.apache.org/jira/browse/RAMPART-446
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.7.1
> Reporter: Christopher
> Priority: Critical
> Fix For: 1.7.2
>
>
> Apache WSS4J has some security issues that have been known since 2015. See [https://ws.apache.org/wss4j/security_advisories.html] Both are against any version of Apache WSS4J below version 1.6.17. Looking at the pom.xml file for Apache Rampart on version 1.7.1, it appears that Rampart pulls down version 1.6.16, and hence is vulnerable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org