[RAMPART-446] Rampart uses vulnerable version of WSS4J - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.7.1
Fix Version/s: 1.7.2
Component/s: None
Labels:
None

Description

Apache WSS4J has some security issues that have been known since 2015. See https://ws.apache.org/wss4j/security_advisories.html Both are against any version of Apache WSS4J below version 1.6.17. Looking at the pom.xml file for Apache Rampart on version 1.7.1, it appears that Rampart pulls down version 1.6.16, and hence is vulnerable.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Christopher

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Feb/19 17:23

Updated:: 07/Mar/19 23:19

Resolved:: 07/Mar/19 23:19