Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Nov 2017 11:05:45 +0000
From: Colm O hEigeartaigh <>
To: "" <>, "" <>,,
Cc: Apache Security Response Team <>
Subject: Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security
 advisory CVE-2017-12631

Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web
applications and delegates security enforcement to the underlying
application server.

Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security
advisory that is fixed in these releases:

CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.

Users who are using the Spring security plugins of Apache CXF Fediz should
upgrade immediately to the latest releases.


Colm O hEigeartaigh

Talend Community Coder

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.