Loading...

XML

Word

Printable

Details

Type: Component Upgrade
Resolution: Done-Errata
Priority: Major
Fix Version/s: 7.4.15.CR1, 7.4.15.GA
Affects Version/s: None
Component/s: Web Services
Labels:
- upstream-linked

Blocked:
False
Blocked Reason:
None
Ready:
False
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/4622

SFDC Cases Counter:
SFDC Cases Links:

Description

Upgrade santuario(xmlsec) from 2.2.3 to 2.2.6 .

Release notes : https://issues.apache.org/jira/projects/SANTUARIO/versions/12353074

This upgrade includes the fix for CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output

(https://nvd.nist.gov/vuln/detail/CVE-2023-44483)

Tag: https://github.com/apache/santuario-xml-security-java/releases/tag/xmlsec-2.2.6
Dif: https://github.com/apache/santuario-xml-security-java/compare/xmlsec-2.2.3...xmlsec-2.2.6
Hash: a6fdd4a275fdf6b50fb5c0a8edef5be7c6e7347c

Attachments

Issue Links

clones

JBEAP-25943 Upgrade santuario to 3.0.3

Closed

links to

RHSA-2023:120424 Red Hat JBoss Enterprise Application Platform 7.4.15 Security update

RHSA-2023:120425 Red Hat JBoss Enterprise Application Platform 7.4.15 Security update

RHSA-2023:120426 Red Hat JBoss Enterprise Application Platform 7.4.15Security update

RHSA-2023:120429 Red Hat JBoss Enterprise Application Platform 7.4.15 Security update

Activity

People

Assignee:: Jim Ma

Reporter:: Jim Ma

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023/10/24 4:19 AM

Updated:: 2024/02/06 7:55 PM

Resolved:: 2024/02/06 7:52 PM