[
https://issues.apache.org/jira/browse/CXF-5565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13906615#comment-13906615
]
Willem Jiang commented on CXF-5565:
-----------------------------------
opensaml dependency is introduced by wss4j, so the patch just help with the CXF
feature.
In CXF 2.7.x and CXF 2.6.x branch, the wss4j is 1.6.14, it is not simple to
upgrade the opensaml version from the parent/pom.xml.
My question is do we have any plan to address it in new version of wss4j 1.6.x?
> update to opensaml 2.6.1
> ------------------------
>
> Key: CXF-5565
> URL: https://issues.apache.org/jira/browse/CXF-5565
> Project: CXF
> Issue Type: Task
> Reporter: Jonathan Anstey
> Assignee: Willem Jiang
> Attachments: CXF-5565.patch
>
>
> Fixes CVE-2013-6440. Waiting for SMX bundles release to complete first though.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
