You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2014/09/25 11:13:47 UTC
svn commit: r1627492 - in /webservices/wss4j/trunk/src/site: site.xml xdoc/security_advisories.xml

Author: coheigea
Date: Thu Sep 25 09:13:46 2014
New Revision: 1627492

URL: http://svn.apache.org/r1627492
Log:
Added a security advisory page for WSS4J

Added:
    webservices/wss4j/trunk/src/site/xdoc/security_advisories.xml
Modified:
    webservices/wss4j/trunk/src/site/site.xml

Modified: webservices/wss4j/trunk/src/site/site.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/site/site.xml?rev=1627492&r1=1627491&r2=1627492&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/site/site.xml (original)
+++ webservices/wss4j/trunk/src/site/site.xml Thu Sep 25 09:13:46 2014
@@ -13,6 +13,7 @@
       <item name="Home" href="index.html"/>
       <item name="Download" href="download.html"/>
       <item name="User Guide" href="user_guide.html"/>
+      <item name="Security Advisories" href="security_advisories.html"/>
     </menu>
 
     <menu ref="reports"/>

Added: webservices/wss4j/trunk/src/site/xdoc/security_advisories.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/site/xdoc/security_advisories.xml?rev=1627492&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/site/xdoc/security_advisories.xml (added)
+++ webservices/wss4j/trunk/src/site/xdoc/security_advisories.xml Thu Sep 25 09:13:46 2014
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<body>
+<section name="Security Advisories">
+<p>
+As Apache WSS4J is a library that provides WS-Security functionality to web
+service stacks such as Apache CXF and Apache Axis, security issues associated
+with WS-Security tend to be reported to these downstream projects. Therefore
+the best way to keep an eye on security issues involving WSS4J is to look at
+the security advisories pages of these projects.
+</p>
+<p>
+The security advisory page for Apache CXF is <a href="http://cxf.apache.org/security-advisories.html">here</a>. In particular, the following security 
+advisories are relevant to users of WSS4J:
+</p>
+<ul>
+<li><a href="http://cxf.apache.org/cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility attack on Apache CXF.</li>
+<li><a href="http://cxf.apache.org/note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li>
+<li><a href="http://cxf.apache.org/note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attack.</li>
+</ul>
+
+</section>            
+</body>
+</document>