Apache CXF Fediz (http://cxf.apache.org/fediz) is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component.
The Apache CXF Fediz team is pleased to announce the release of version 1.4.4, which is available for download here: http://cxf.apache.org/fediz-downloads.html This release contains a fix for a new security advisory: CVE-2018-8038: Apache CXF Fediz is vulnerable to DTD based XML attacks The advisory text is available at this location: http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc Please also refer to the CXF security advisories page: http://cxf.apache.org/security-advisories.html -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
