Two new security advisories released for Apache CXF Fediz

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Two new security advisories released for Apache CXF Fediz

coheigea
Administrator
All,

Two new security advisories are released that are fixed in the latest
Apache CXF Fediz releases:

a) CVE-2017-7661: The Apache CXF Fediz Jetty and Spring plugins are
vulnerable to CSRF attacks.

b) CVE-2017-7662: The Apache CXF Fediz OIDC Client Registration Service is
vulnerable to CSRF attacks

The security advisory texts are available at the following link - please
read them carefully if you are an Apache CXF Fediz user:

http://cxf.apache.org/security-advisories.html

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com