[
https://issues.apache.org/jira/browse/CXF-5565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13903494#comment-13903494
]
Daniel Kulp commented on CXF-5565:
----------------------------------
Yea, but the poms need some work before going to central. They do some awful
things like having a xerces jar in a different groupId than the official xerces
versions from the xerces project. Thus, you get multiple versions of xerces
pulled in. Other equally bad and strange things. Generally, I grab the jars
and sha1/md5/asc for the jars from them, but then use new/fixed poms signed by
me. Takes some time, but it's important to get right.
Note that this also requires the openws and xmltooling jars that go with it.
> update to opensaml 2.6.1
> ------------------------
>
> Key: CXF-5565
> URL: https://issues.apache.org/jira/browse/CXF-5565
> Project: CXF
> Issue Type: Task
> Reporter: Jonathan Anstey
> Attachments: CXF-5565.patch
>
>
> Fixes CVE-2013-6440. Waiting for SMX bundles release to complete first though.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
