You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2018/07/04 14:47:53 UTC
Apache CXF Fediz 1.4.4 is released
Apache CXF Fediz (http://cxf.apache.org/fediz) is a subproject of Apache
CXF. Fediz helps you to secure your web applications and delegates security
enforcement to the underlying application server. With Fediz,
authentication is externalized from your web application to an identity
provider installed as a dedicated server component.
The Apache CXF Fediz team is pleased to announce the release of version
1.4.4, which is available for download here:
http://cxf.apache.org/fediz-downloads.html
This release contains a fix for a new security advisory:
CVE-2018-8038: Apache CXF Fediz is vulnerable to DTD based XML attacks
The advisory text is available at this location:
http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc
Please also refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com