Four new security advisories have been disclosed for Apache CXF. They are: * CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM errors * CVE-2014-0110: Large invalid content could cause temporary space to fill * CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid * CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
Please see the security advisories page of Apache CXF for more information: http://cxf.apache.org/security-advisories.html Users are strongly encouraged to upgrade to the latest releases (2.6.14 and 2.7.11). Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
