[jira] [Resolved] (RAMPART-446) Rampart uses vulnerable version of WSS4J

Andreas Veithen (JIRA) Thu, 07 Mar 2019 15:28:58 -0800


     [ 
https://issues.apache.org/jira/browse/RAMPART-446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andreas Veithen resolved RAMPART-446.
-------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.7.2

> Rampart uses vulnerable version of WSS4J
> ----------------------------------------
>
>                 Key: RAMPART-446
>                 URL: https://issues.apache.org/jira/browse/RAMPART-446
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.7.1
>            Reporter: Christopher
>            Priority: Critical
>             Fix For: 1.7.2
>
>
> Apache WSS4J has some security issues that have been known since 2015.  See 
> [https://ws.apache.org/wss4j/security_advisories.html] Both are against any 
> version of Apache WSS4J below version 1.6.17.  Looking at the pom.xml file 
> for Apache Rampart on version 1.7.1, it appears that Rampart pulls down 
> version 1.6.16, and hence is vulnerable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (RAMPART-446) Rampart uses vulnerable version of WSS4J

Reply via email to