Author: coheigea
Date: Tue Jun 23 09:11:19 2020
New Revision: 1062151
Log:
Updating website for Fediz 1.5.0 release
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-downloads.html
websites/production/cxf/content/fediz-history.html
websites/production/cxf/content/fediz.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-downloads.html
==============================================================================
--- websites/production/cxf/content/fediz-downloads.html (original)
+++ websites/production/cxf/content/fediz-downloads.html Tue Jun 23 09:11:19
2020
@@ -32,8 +32,8 @@
<link type="text/css" rel="stylesheet"
href="/resources/highlighter/styles/shThemeCXF.css">
<script src='/resources/highlighter/scripts/shCore.js'></script>
-<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script src='/resources/highlighter/scripts/shBrushBash.js'></script>
+<script src='/resources/highlighter/scripts/shBrushJava.js'></script>
<script>
SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();
@@ -109,12 +109,12 @@ Apache CXF -- Fediz Downloads
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2
id="FedizDownloads-1.4.6">1.4.6</h2><p>The 1.4.6 release is our latest release.
For more information please see the <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12344260";>release
notes</a>.</p><div class="table-wrap"><table class="wrapped
confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA512</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dyn/c
loser.lua?path=/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip">fediz-1.4.6-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip.sha512";>fediz-1.4.6-source-release.zip.sha512</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip.asc";>fediz-1.4.6-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When
downloading from a mirror it is recommended to verify the integrity of the
downloads. This should preferably be done by verifying the OpenPGP compatible
signature available from the main Apache site. The <a shape="rect"
class="external-link" href="https://downloads.apache.org/cxf/KEYS";>KEYS</a>
file contains the public keys used for s
igning the release. It is recommended that a web of trust is used to confirm
the identity of these keys.</p><p>You can check the OpenPGP signature with
GnuPG via:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<div id="ConfluenceContent"><h1 id="FedizDownloads-Releases">Releases</h1><h2
id="FedizDownloads-1.5.0">1.5.0</h2><p>The 1.5.0 release is our latest release.
For more information please see the <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848";>release
notes</a>.</p><div class="table-wrap"><table class="confluenceTable"><colgroup
span="1"><col span="1"><col span="1"><col span="1"><col
span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA512</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dyn/closer.lu
a?path=/cxf/fediz/1.5.0/fediz-1.5.0-source-release.zip">fediz-1.5.0-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.5.0/fediz-1.5.0-source-release.zip.sha512";>fediz-1.5.0-source-release.zip.sha512</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.5.0/fediz-1.5.0-source-release.zip.asc";>fediz-1.5.0-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-1.4.6">1.4.6</h2><p>The 1.4.6 release is our latest release
on the older 1.4.x branch. For more information please see the <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12344260";>release
notes</a>. This is anticipated to be the last release of 1.4.x, and upgrading
to the newer 1.5.x series of releases is enco
uraged. </p><div class="table-wrap"><table class="wrapped
confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"><col span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>SHA512</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>PGP</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://www.apache.org/dyn/closer.lua?path=/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip";>fediz-1.4.6-source-release.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip.sha512";>fediz-1.4.6-source-release.zip.sha512</a></p></td><td
col
span="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://downloads.apache.org/cxf/fediz/1.4.6/fediz-1.4.6-source-release.zip.asc";>fediz-1.4.6-source-release.zip.asc</a></p></td></tr></tbody></table></div><h2
id="FedizDownloads-VerifyingReleases">Verifying Releases</h2><p>When
downloading from a mirror it is recommended to verify the integrity of the
downloads. This should preferably be done by verifying the OpenPGP compatible
signature available from the main Apache site. The <a shape="rect"
class="external-link" href="https://downloads.apache.org/cxf/KEYS";>KEYS</a>
file contains the public keys used for signing the release. It is recommended
that a web of trust is used to confirm the identity of these keys.</p><p>You
can check the OpenPGP signature with GnuPG via:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">gpg --import KEYS
gpg --verify apache-fediz-*.zip.asc
</pre>
-</div></div><p>It is also possible to verify the integrity of the downloads
using the SHA1 checksum with:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default">sha1sum --check
apache-fediz-*.zip.sha1
+</div></div><p>It is also possible to verify the integrity of the downloads
using the SHA512 checksum with:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default">sha512sum --check
apache-fediz-*.zip.sha512
</pre>
</div></div><h1 id="FedizDownloads-Previousreleases">Previous
releases</h1><p>Previous releases are all archived in the Apache archive: <a
shape="rect" class="external-link"
href="https://archive.apache.org/dist/cxf/fediz";>https://archive.apache.org/dist/cxf/fediz</a></p><h1
id="FedizDownloads-Maven2Repositories">Maven 2 Repositories</h1><p>If you use
Maven for building your applications, all supported Fediz releases are synced
into the maven central repository: <a shape="rect" class="external-link"
href="https://repo1.maven.org/maven2/";
rel="nofollow">https://repo1.maven.org/maven2/</a></p><p><br
clear="none"></p></div>
</div>
Modified: websites/production/cxf/content/fediz-history.html
==============================================================================
--- websites/production/cxf/content/fediz-history.html (original)
+++ websites/production/cxf/content/fediz-history.html Tue Jun 23 09:11:19 2020
@@ -99,7 +99,7 @@ Apache CXF -- Fediz History
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><strong>November 27 - Apache CXF Fediz 1.4.6
released</strong></p><p>Apache CXF Fediz 1.4.6 is released. See the <a
shape="rect" href="fediz-downloads.html">download</a> page for more
information.</p><p><strong><strong><strong><strong>October 8, 2018 -
<strong><strong>Apache CXF Fediz 1.4.</strong></strong>5
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is
released.  New features include supporting custom claims handling
(transformation) in the plugins and SAML SSO support in the Jetty and Spring
security plugins. See the <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Downloads";>download</a>
page for more information.</p><p><strong><strong><strong><strong>June 29, 2018
- <strong><strong>Apache CXF Fediz 1.4.4</strong></strong>
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has
been released. A new security advisory has been released for an issue that was
fixed in t
his release:</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc";>CVE-2018-8038</a>:
Apache CXF Fediz is vulnerable to DTD based XML attacks.</li></ul><p>Release
notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255";>1.4.4</a>.</p><p><strong><strong><strong><strong>November
30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and
1.3.3 have been released. A new security advisory has been released for an
issue that was fixed in these releases:</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc";>CVE-2017-12631</a>: CSRF
vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release
notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNot
e.jspa?projectId=12313420&version=12341612">1.4.3</a> <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453";>1.3.3</a>.</p><p><strong><strong>September
15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2
released</strong></strong></p><p>Apache CXF Fediz 1.4.2 has been
released.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303";>1.4.2</a>.</p><p><strong><strong>August
18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1
released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been
released.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452";>1.4.1</a>.</p><p><strong><strong>May
16, 2017 - Two new security advisories for Apache CXF Fediz are release
d</strong></strong></p><p>Two new security advisories have been released for
issues that are fixed in the latest releases (1.4.0, 1.3.2 and
1.2.4):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2";>CVE-2017-7661</a>:
The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF
attacks.</li><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2";>CVE-2017-7662</a>:
The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF
attacks</li></ul><p><strong><strong>April 28, 2017 - Apache CXF Fediz 1.4.0,
1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF
Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&;
amp;version=12338680">1.4.0</a> <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338091";>1.3.2</a>
<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219";>1.2.4</a>.</p><p><strong><strong><strong>September
8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz
is released</strong></p><p>A security issue was fixed in the latest Fediz
releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2";>CVE-2016-4464</a>:
Apache CXF Fediz application plugins do not match the SAML AudienceRestriction
values against the list of configured audience URIs</li></ul><p>Please upgrade
to the latest releases as soon as possible.</p><p><strong><strong>September 8,
2016 - Apache CXF Fediz 1.3.1 a
nd 1.2.3 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz
1.3.1 and 1.2.3 have been released.</p><p>Release notes: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480";>1.3.1</a>
<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883";>1.2.3</a></p><p><strong><strong>March
30, 2016 - Apache CXF Fediz 1.3.0 released<br
clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released.
It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a
shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+OIDC";>Fediz
OIDC</a>), support for bridging between the WS-Federation and OpenId Connect
protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa
?projectId=12313420&version=12329721">1.3.0</a></p><p><strong><strong>February
16, 2016 - Apache CXF Fediz 1.2.2 released<br
clear="none"></strong></strong></p><p>Apache CXF Fediz 1.2.2 has been released.
It contains an update to use CXF 3.0.8, some updates to the Websphere plugin, a
fix for some issues relating to caching SAML tokens, and various other bug
fixes.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156";>1.2.2</a></p><p><strong>August
28, 2015 - A new security advisory for Apache CXF Fediz is
released</strong></p><p>A security issue was fixed in the latest Fediz releases
(1.2.1 + 1.1.3):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2";>CVE-2015-5175</a>:
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS)
attacks</li></ul><p><
strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3
released!</strong></p><p>Apache CXF Fediz 1.2.1 has been released. It contains
an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to
fix some issues with running the examples, support for SAML SSO Metadata in the
IdP, as well as some other issues.</p><p>Apache CXF Fediz 1.1.3 has also been
released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when
ChainTrust is configured + no Subject is provided, and a dynamic STS realm
parser.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051";>1.2.1</a>
<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874";>1.1.3</a></p><p><strong>April
28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz
1.2.0 has been released. It contains an update
to use Apache CXF 3.0.4 as well as a host of new features (see
below).</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12326043";>1.2.0</a></p><p><strong>October
21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz
1.1.2 has been released. It features an update to CXF 2.7.13, as well as
support for an easy to use claim mapping support in the STS, kerberos
authentication support in the IdP, as well as some minor bug
fixes.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12327120";>1.1.2</a></p><p><strong>June
16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache
CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=123
13420&version=12325565">1.1.1</a> <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084";>1.0.4</a></p><p><strong>November
9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz
1.1.0 has been released.</p><p>Release notes: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084";>1.1.0</a></p><p><strong>February
22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323485";>1.0.3</a></p><p><strong>November
7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287";>1.0.2</a></p><p><strong>August
28,
2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321857";>1.0.1</a></p><p><strong>June
23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243";>1.0.0</a></p></div>
+<div id="ConfluenceContent"><p><strong>June 23, 2020 - Apache CXF Fediz 1.5.0
released</strong></p><p>Apache CXF Fediz 1.5.0 is released. This is a
major new release with the following issues fixed: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848";>https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848</a></p><p>The
main changes are:</p><ul><li>The IdP is updated to use Spring Security
4.</li><li>Support is added for Jetty 9.4 + Tomcat 9 plugins</li><li>A fix for
issues that prevented the Tomcat plugin working from versions 8.5.50 and
9.0.30</li><li>The Tomcat 7, Jetty 8, Spring Security 2 + 3 plugins are
removed.</li></ul><p>See the <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Downloads";>download</a>
page for more information.</p><p><strong>November 27, 2019 - Apache CXF Fediz
1.4.6 released</strong></p><p>Apache
CXF Fediz 1.4.6 is released. See the <a shape="rect"
href="fediz-downloads.html">download</a> page for more
information.</p><p><strong><strong><strong><strong>October 8, 2018 -
<strong><strong>Apache CXF Fediz 1.4.</strong></strong>5
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is
released.  New features include supporting custom claims handling
(transformation) in the plugins and SAML SSO support in the Jetty and Spring
security plugins. See the <a shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Downloads";>download</a>
page for more information.</p><p><strong><strong><strong><strong>June 29, 2018
- <strong><strong>Apache CXF Fediz 1.4.4</strong></strong>
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has
been released. A new security advisory has been released for an issue that was
fixed in this release:</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.
txt.asc">CVE-2018-8038</a>: Apache CXF Fediz is vulnerable to DTD based XML
attacks.</li></ul><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255";>1.4.4</a>.</p><p><strong><strong><strong><strong>November
30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and
1.3.3 have been released. A new security advisory has been released for an
issue that was fixed in these releases:</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc";>CVE-2017-12631</a>: CSRF
vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release
notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341612";>1.4.3</a>
<a shape="rect" class="external-link" href="https
://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453">1.3.3</a>.</p><p><strong><strong>September
15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2
released</strong></strong></p><p>Apache CXF Fediz 1.4.2 has been
released.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303";>1.4.2</a>.</p><p><strong><strong>August
18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1
released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been
released.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452";>1.4.1</a>.</p><p><strong><strong>May
16, 2017 - Two new security advisories for Apache CXF Fediz are
released</strong></strong></p><p>Two new security advisories have been released
for issues that are fixed in the l
atest releases (1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2";>CVE-2017-7661</a>:
The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF
attacks.</li><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2";>CVE-2017-7662</a>:
The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF
attacks</li></ul><p><strong><strong>April 28, 2017 - Apache CXF Fediz 1.4.0,
1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF
Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338680";>1.4.0</a>
<a shape="rect" class="external-link" href="https://issues.apache.org/jira/
secure/ReleaseNote.jspa?projectId=12313420&version=12338091">1.3.2</a> <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219";>1.2.4</a>.</p><p><strong><strong><strong>September
8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz
is released</strong></p><p>A security issue was fixed in the latest Fediz
releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2";>CVE-2016-4464</a>:
Apache CXF Fediz application plugins do not match the SAML AudienceRestriction
values against the list of configured audience URIs</li></ul><p>Please upgrade
to the latest releases as soon as possible.</p><p><strong><strong>September 8,
2016 - Apache CXF Fediz 1.3.1 and 1.2.3 released<br
clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.1 and 1.2.3 have
been relea
sed.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480";>1.3.1</a>
<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883";>1.2.3</a></p><p><strong><strong>March
30, 2016 - Apache CXF Fediz 1.3.0 released<br
clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released.
It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a
shape="rect"
href="https://cwiki.apache.org/confluence/display/CXF/Fediz+OIDC";>Fediz
OIDC</a>), support for bridging between the WS-Federation and OpenId Connect
protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12329721";>1.3.0</a></p><p><strong><strong>February
16, 2016 - Apache CXF Fe
diz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz
1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates
to the Websphere plugin, a fix for some issues relating to caching SAML tokens,
and various other bug fixes.</p><p>Release notes: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156";>1.2.2</a></p><p><strong>August
28, 2015 - A new security advisory for Apache CXF Fediz is
released</strong></p><p>A security issue was fixed in the latest Fediz releases
(1.2.1 + 1.1.3):</p><ul><li><a shape="rect"
href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2";>CVE-2015-5175</a>:
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS)
attacks</li></ul><p><strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3
released!</strong></p><p>Apache CXF Fediz 1.2.1 h
as been released. It contains an update to use Apache CXF 3.0.6, an update to
use 2048 bit certificates to fix some issues with running the examples, support
for SAML SSO Metadata in the IdP, as well as some other issues.</p><p>Apache
CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF
2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided,
and a dynamic STS realm parser.</p><p>Release notes: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051";>1.2.1</a>
<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874";>1.1.3</a></p><p><strong>April
28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz
1.2.0 has been released. It contains an update to use Apache CXF 3.0.4 as well
as a host of new features (see below).</p><p>Release notes: <a shape="rect
" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12326043";>1.2.0</a></p><p><strong>October
21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz
1.1.2 has been released. It features an update to CXF 2.7.13, as well as
support for an easy to use claim mapping support in the STS, kerberos
authentication support in the IdP, as well as some minor bug
fixes.</p><p>Release notes: <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12327120";>1.1.2</a></p><p><strong>June
16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache
CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12325565";>1.1.1</a>
<a shape="rect" class="external-link" href="https://issues.apache.org
/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.0.4</a></p><p><strong>November
9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz
1.1.0 has been released.</p><p>Release notes: <a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084";>1.1.0</a></p><p><strong>February
22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323485";>1.0.3</a></p><p><strong>November
7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287";>1.0.2</a></p><p><strong>August
28, 2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321857";>1.0.1</a></p><p><strong>June
23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243";>1.0.0</a></p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Tue Jun 23 09:11:19 2020
@@ -99,7 +99,7 @@ Apache CXF -- Fediz
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1
id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz:
An Open-Source Web Security Framework</h1><h2
id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF.
Fediz helps you to secure your web applications and delegates security
enforcement to the underlying application server. With Fediz, authentication is
externalized from your web application to an identity provider installed as a
dedicated server component. Apache CXF Fediz supports both <a shape="rect"
class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_
identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based
Access Control (RBAC).</p><h2
id="Fediz-News">News</h2><p><strong><strong><strong><strong>November 27 -
Apache CXF Fediz 1.4.6
released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.6 is
released. See the <a shape="rect" href="fediz-downloads.html">download</a> page
for more information.</p><p><strong><strong><strong><strong><strong>October 8,
2018 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>5
released</strong></strong></strong></strong></strong></p><p>Apache CXF Fediz
1.4.5 is released.  New features include supporting custom claims handling
(transformation) in the plugins and SAML SSO support in the Jetty and Spring
security plugins. See the <a shape="rect"
href="fediz-downloads.html">download</a> page for more information.</p><h2
id="Fediz-Download">Download</h2><p>See <a shape="rect"
href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-ProjectSource">Project
Source</h2
><p>The Apache CXF Fediz sources are hosted at <a shape="rect"
>class="external-link" href="https://gitbox.apache.org/";>Apache gitbox</a>.
>This includes a full two way sync with github. As github provides the nicer
>user interface we now recommend to directly work on the github cxf
>repo.</p><ul><li>Web Browsing: <a shape="rect" class="external-link"
>href="https://github.com/apache/cxf-fediz";
>rel="nofollow">https://github.com/apache/cxf-fediz</a></li><li>Checking out
>from GIT: git clone [email protected]:apache/cxf-fediz.git</li></ul><p>CXF
>committers can directly commit to github after doing the <a shape="rect"
>class="external-link"
>href="https://gitbox.apache.org/setup/";>Apache gitbox setup</a>. Be
>aware that the sync might take half an hour before you are added to the CXF
>github group.</p><ul><li>Forking and Pull Requests: See <a shape="rect"
>href="getting-involved.html">Getting Involved</a></li><li>Building the
>Source: Follow the <a shape="rect" class="external-lin
k" href="https://github.com/apache/cxf-fediz/blob/master/BUILDING.txt";
rel="nofollow">BUILDING.txt</a> file in the Fediz download for full build
instructions.</li><li>Eclipse: See <a shape="rect"
href="http://cxf.apache.org/setting-up-eclipse.html";>this page</a> for
information on using the Eclipse IDE with the Fediz source code. This page is
created for CXF but the same commands are applicable for Fediz
too.</li></ul><h2 id="Fediz-ApacheCXFFedizuserguide">Apache CXF Fediz user
guide</h2><ul><li><a shape="rect"
href="fediz-introduction.html">Introduction</a></li><li><a shape="rect"
href="fediz-architecture.html">Fediz Architecture</a></li><li>Relying Party
Containers<br clear="none"><ul><li><a shape="rect"
href="fediz-configuration.html">Fediz Configuration</a></li><li><a shape="rect"
href="fediz-extensions.html">Fediz Extensions</a></li><li><a shape="rect"
href="fediz-tomcat.html">Apache Tomcat</a></li><li><a shape="rect"
href="fediz-jetty.html">Jetty<br clear="none"></a></li><li><
a shape="rect" href="fediz-spring.html">Spring Security<br
clear="none"></a></li><li><a shape="rect"
href="fediz-websphere.html">Websphere<br clear="none"></a></li><li><a
shape="rect" href="fediz-cxf.html">Apache CXF<br
clear="none"></a></li></ul></li><li><a shape="rect"
href="fediz-idp-11.html">Fediz IdP</a></li><li><a shape="rect"
href="fediz-idp-10.html">Fediz IdP 1.0</a> (deprecated)</li><li><a shape="rect"
href="fediz-metadata.html">Fediz Metadata</a></li><li><a shape="rect"
href="fediz-samples.html">Fediz Samples</a></li><li><a shape="rect"
href="fediz-articles.html">Fediz Articles</a></li><li><a shape="rect"
href="fediz-history.html">Fediz History</a></li></ul><p><br
clear="none"></p></div>
+<div id="ConfluenceContent"><h1
id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz:
An Open-Source Web Security Framework</h1><h2
id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF.
Fediz helps you to secure your web applications and delegates security
enforcement to the underlying application server. With Fediz, authentication is
externalized from your web application to an identity provider installed as a
dedicated server component. Apache CXF Fediz supports both <a shape="rect"
class="external-link"
href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002";
rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a
shape="rect" class="external-link"
href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf";
rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect"
class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_
identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based
Access Control (RBAC).</p><h2 id="Fediz-News">News</h2><p><strong>June 23, 2020
- Apache CXF Fediz 1.5.0 released</strong></p><p>Apache CXF Fediz 1.5.0 is
released. This is a major new release with the following issues fixed: <a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848";>https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12336848</a></p><p>The
main changes are:</p><ul><li>The IdP is updated to use Spring Security
4.</li><li>Support is added for Jetty 9.4 + Tomcat 9 plugins</li><li>A fix for
issues that prevented the Tomcat plugin working from versions 8.5.50 and
9.0.30</li><li>The Tomcat 7, Jetty 8, Spring Security 2 + 3 plugins are
removed.</li></ul><p>See the <a shape="rect"
href="fediz-downloads.html">download</a> page for more
information.</p><p><strong><strong><strong
><strong>November 27, 2019 - Apache CXF Fediz 1.4.6
>released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.6 is
>released. See the <a shape="rect" href="fediz-downloads.html">download</a>
>page for more information.</p><h2 id="Fediz-Download">Download</h2><p>See <a
>shape="rect" href="fediz-downloads.html">here</a>.</p><h2
>id="Fediz-ProjectSource">Project Source</h2><p>The Apache CXF Fediz sources
>are hosted at <a shape="rect" class="external-link"
>href="https://gitbox.apache.org/";>Apache gitbox</a>. This includes a full two
>way sync with github. As github provides the nicer user interface we now
>recommend to directly work on the github cxf repo.</p><ul><li>Web Browsing:
><a shape="rect" class="external-link"
>href="https://github.com/apache/cxf-fediz";
>rel="nofollow">https://github.com/apache/cxf-fediz</a></li><li>Checking out
>from GIT: git clone [email protected]:apache/cxf-fediz.git</li></ul><p>CXF
>committers can directly commit to github after doing the <a shap
e="rect" class="external-link"
href="https://gitbox.apache.org/setup/";>Apache gitbox setup</a>. Be aware
that the sync might take half an hour before you are added to the CXF github
group.</p><ul><li>Forking and Pull Requests: See <a shape="rect"
href="getting-involved.html">Getting Involved</a></li><li>Building the Source:
Follow the <a shape="rect" class="external-link"
href="https://github.com/apache/cxf-fediz/blob/master/BUILDING.txt";
rel="nofollow">BUILDING.txt</a> file in the Fediz download for full build
instructions.</li><li>Eclipse: See <a shape="rect"
href="http://cxf.apache.org/setting-up-eclipse.html";>this page</a> for
information on using the Eclipse IDE with the Fediz source code. This page is
created for CXF but the same commands are applicable for Fediz
too.</li></ul><h2 id="Fediz-ApacheCXFFedizuserguide">Apache CXF Fediz user
guide</h2><ul><li><a shape="rect"
href="fediz-introduction.html">Introduction</a></li><li><a shape="rect"
href="fediz-architecture.h
tml">Fediz Architecture</a></li><li>Relying Party Containers<br
clear="none"><ul><li><a shape="rect" href="fediz-configuration.html">Fediz
Configuration</a></li><li><a shape="rect" href="fediz-extensions.html">Fediz
Extensions</a></li><li><a shape="rect" href="fediz-tomcat.html">Apache
Tomcat</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty<br
clear="none"></a></li><li><a shape="rect" href="fediz-spring.html">Spring
Security<br clear="none"></a></li><li><a shape="rect"
href="fediz-websphere.html">Websphere<br clear="none"></a></li><li><a
shape="rect" href="fediz-cxf.html">Apache CXF<br
clear="none"></a></li></ul></li><li><a shape="rect"
href="fediz-idp-11.html">Fediz IdP</a></li><li><a shape="rect"
href="fediz-idp-10.html">Fediz IdP 1.0</a> (deprecated)</li><li><a shape="rect"
href="fediz-metadata.html">Fediz Metadata</a></li><li><a shape="rect"
href="fediz-samples.html">Fediz Samples</a></li><li><a shape="rect"
href="fediz-articles.html">Fediz Articles</a></li><li><a shape
="rect" href="fediz-history.html">Fediz History</a></li></ul><p><br
clear="none"></p></div>
</div>
<!-- Content -->
</td>
