>From the peanut gallery: It seems to me that such emails should have links to the CXF website and download page.
Also, most people reading the announce@ list will have no idea what CXF is about. Announce mails should include a brief summary of the project (as you have done for Fediz). On 30 November 2017 at 11:05, Colm O hEigeartaigh <[email protected]> wrote: > Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web > applications and delegates security enforcement to the underlying > application server. > > Apache CXF Fediz 1.4.3 and 1.3.3 are released along with a new security > advisory that is fixed in these releases: > > CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins. > > http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc > > Users who are using the Spring security plugins of Apache CXF Fediz should > upgrade immediately to the latest releases. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
