Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631

coheigea
Administrator
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying
application server.

Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
advisory that is fixed in these releases:

CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.

http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc

Users who are using the Spring security plugins of Apache CXF Fediz should
upgrade immediately to the latest releases.

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com