Digitaliser.dk

OIOSAML

oiosaml.java 8330

Responsible: Brian Graversen
Version: 8330 - Published: 03.08.2011 09:44
Type: Software

NOTE! A newer version of the selected resource exists. Click here to see the newest version.

A vulnerability, a so-called XML Signature Wrapping attack, has been found in OpenSAML. The vulnerability affects OIOSAML.java, since OpenSAML is used in the OIOSAML.java filter. It is necessary to upgrade to the newest version of the OpenSAML library as well as the newest version of OIOSAML.java.

Details about the security issue in OpenSAML can be found here:

http://secunia.com/advisories/45385

Upgrade Instructions
No changes have been made to the OIOSAML.java configuration since the last release, so the upgrade can be performed simply by upgrading the bundled JAR packages. The following steps need to be performed:

1) Download the latest version of OIOSAML.java (link below)
2) Unzip the file - The following files are relevant for the upgrade

  oiosaml.java-8330.jar
  lib/*.jar

Since the last release of OIOSAML.java, only the following files under 'lib' have been changed, and only these files are necessary for an incremental upgrade:

  esapi-2.0GA.jar (new dependency)
  opensaml-2.3.1.jar -> opensaml-2.5.1.jar
  openws-wstrust.jar -> openws-1.4.2.jar
  xmltooling-1.2.1.jar -> xmltooling-1.3.2.jar

3) The files (oiosaml, OpenSAML and OpenSAML's dependencies) need to be added as dependencies to the application that uses OIOSAML.java - old versions of these files need to be deleted.

4) When the application has been rebuilt, the files are expected to be located under WEB-INF/lib - and it is recommended to verify that the new files are indeed part of the final build, and that any old versions are deleted. The demo application bundled with OIOSAML.java can be used as a reference point for this.
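One way to automate the check in step 4, as an added example that is not part of OIOSAML.java or the original page: it lists WEB-INF/lib inside a built WAR and reports new jars that are missing and old versions left behind. The jar names come from the list above; the function names, the sample WAR, and the assumption that older jars are named <family>-<version>.jar are constructed for illustration.

```python
import io
import re
import zipfile

# New jar names, taken from the upgrade notes above.
REQUIRED = {
    "oiosaml.java-8330.jar", "esapi-2.0GA.jar", "opensaml-2.5.1.jar",
    "openws-1.4.2.jar", "xmltooling-1.3.2.jar",
}
# Artifact families of which only the REQUIRED version may be present.
# Assumption: older jars follow the <family>-<version>.jar naming pattern.
FAMILIES = ("oiosaml.java", "opensaml", "openws", "xmltooling", "esapi")


def family_of(jar_name):
    """Return the artifact family a jar belongs to, or None if unrelated."""
    for fam in FAMILIES:
        if re.fullmatch(re.escape(fam) + r"-[\w.]+\.jar", jar_name):
            return fam
    return None


def check_war(war):
    """Return (missing, stale) jar names for a WAR path or file object."""
    with zipfile.ZipFile(war) as zf:
        libs = {n.rsplit("/", 1)[1] for n in zf.namelist()
                if n.startswith("WEB-INF/lib/") and n.endswith(".jar")}
    missing = sorted(REQUIRED - libs)
    # Stale: same family as a required jar, but not the required version.
    stale = sorted(j for j in libs - REQUIRED if family_of(j))
    return missing, stale


def build_sample_war(jars):
    """Build a constructed in-memory WAR holding empty jar entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jars:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: a half-finished upgrade with old jars left behind.
    sample = build_sample_war(
        sorted(REQUIRED - {"openws-1.4.2.jar"})
        + ["opensaml-2.3.1.jar", "openws-wstrust.jar", "unrelated-lib-1.0.jar"])
    missing, stale = check_war(sample)
    print("missing:", missing)
    print("stale:", stale)
```

To check a real build, pass the path of the WAR file to check_war() and fail the build when either list is non-empty.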

NemLog-in
Service Providers connected to the NemLog-in IdP will receive information about this upgrade from the NemLog-in support in SKAT.

More information

License
  • Mozilla Public License version 1.1
Operating system
  • All platforms
Programming language
  • Java
Producer(s)
  • IT- og Telestyrelsen
  • Trifork A/S
Unique id:
558455

Artifacts

Files and references
Title Type
oiosaml.java-8330.zip application/octet-stream

Versions
Version Date
9918 25.04.2012 11:28
9914 11.04.2012 14:10
9352 01.12.2011 14:53
8501 16.08.2011 13:25
8330 (selected) 03.08.2011 09:44
5922 25.11.2010 09:43
5681 14.09.2010 13:56
5645 06.09.2010 10:40
5546 03.09.2010 13:25
5354 03.09.2010 13:22
5272 03.09.2010 13:20
5076 03.09.2010 13:10
4544 03.09.2010 13:06
4540 03.09.2010 13:03
4340 03.09.2010 12:59
4249 03.09.2010 12:56
4195 03.09.2010 11:28
4141 03.09.2010 11:26
4126 03.09.2010 11:23
3988 03.09.2010 11:18
3862 03.09.2010 11:15
3747 03.09.2010 11:13
3196 03.09.2010 10:57
11442 10.02.2014 10:55
11330 21.10.2013 09:58
11220 06.09.2013 09:21
11147 18.07.2013 15:55

Digitaliseringsstyrelsen