[jira] [Commented] (CXF-5565) update to opensaml 2.6.1

Colm O hEigeartaigh (JIRA) Mon, 24 Feb 2014 01:54:07 -0800

    [ 
https://issues.apache.org/jira/browse/CXF-5565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910153#comment-13910153
 ]


Colm O hEigeartaigh commented on CXF-5565:
------------------------------------------


We can't upgrade WSS4J 1.6.x to use Opensaml 2.6.x, as WSS4J 1.6 still supports 
JDK 1.5 whereas Opensaml 2.6.x does not. If we are to upgrade CXF alone, at the 
very least we need to have the same exclusions that WSS4J has - we don't 
require most of the dependencies of Opensaml.

Colm.

> update to opensaml 2.6.1
> ------------------------
>
>                 Key: CXF-5565
>                 URL: https://issues.apache.org/jira/browse/CXF-5565
>             Project: CXF
>          Issue Type: Task
>            Reporter: Jonathan Anstey
>            Assignee: Willem Jiang
>         Attachments: CXF-5565.patch
>
>
> Fixes CVE-2013-6440. Waiting for SMX bundles release to complete first though.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Commented] (CXF-5565) update to opensaml 2.6.1

Reply via email to