Christopher created RAMPART-446:
-----------------------------------
Summary: Rampart uses vulnerable version of WSS4J
Key: RAMPART-446
URL: https://issues.apache.org/jira/browse/RAMPART-446
Project: Rampart
Issue Type: Bug
Affects Versions: 1.7.1
Reporter: Christopher
Apache WSS4J has some security issues that have been known since 2015. See
[https://ws.apache.org/wss4j/security_advisories.html] Both are against any
version of Apache WSS4J below version 1.6.17. Looking at the pom.xml file for
Apache Rampart on version 1.7.1, it appears that Rampart pulls down version
1.6.16, and hence is vulnerable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
