[ https://issues.apache.org/jira/browse/WSS-305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13080131#comment-13080131 ]
David Morris commented on WSS-305:
----------------------------------
FYI
A recent security advisory on Shibboleth’s site regarding versions of OpenSAML
prior to 2.5.1:
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
Basically, this indicates a detected XML Signature Wrapping vulnerability which
exists in the version of OpenSAML we are using, which is 2.4.1, and their
recommendation is to upgrade to the corrected version 2.5.1 from
https://wiki.shibboleth.net/confluence/display/SHIB2/IdP2Upgrade.
> Migrate to OpenSaml2 2.5.1 from 2.4.1
> -------------------------------------
>
> Key: WSS-305
> URL: https://issues.apache.org/jira/browse/WSS-305
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6.1
> Environment: Apache Maven 3.0.3 (r1075438; 2011-02-28 12:31:09-0500)
> Maven home: C:\Java\apache-maven-3.0.3\bin\..
> Java version: 1.6.0_24, vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\jdk1.6.0_24\jre
> Default locale: en_US, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
> Reporter: Gary D. Gregory
> Assignee: Colm O hEigeartaigh
>
> We are implementing SAML solutions and I want to make sure we can do whatever
> our customers need.
> Migrate to OpenSaml2 2.5.1 from 2.4.1.