OBS! Der findes en nyere version af den valgte ressource. Klik her for at se den nyeste version.
A vulnerability has been found in OpenSAML, a so-called XML Signature Wrapping attack. The vulnerability affects OIOSAML.java, since OpenSAML is used in the OIOSAML.java filter. It is neccesary to upgrade to the newest version of the OpenSAML library as well as the newest version of OIOSAML.java.Details about the security issue in OpenSAML can be found herehttp://secunia.com/advisories/45385Upgrade InstructionsNo changes has been made to the OIOSAML.java configuration since the last release, so the upgrade can be performanced simply by upgrading the bundled JAR packages. The following steps needs to be performed1) Download the latest version of OIOSAML.java (link below)2) Unzip the file - The following files are relevant for the upgrade oiosaml.java-8330.jar lib/*.jarSince the last release of OIOSAML.java, only the following files under 'lib' has been changed, and only these files are neccesary for an incremental upgrade esapi-2.0GA.jar (new dependency) opensaml-2.3.1.jar -> opensaml-2.5.1.jar openws-wstrust.jar -> openws-1.4.2.jar xmltooling-1.2.1.jar -> xmltooling-1.3.2.jar3) The files (oiosaml, OpenSAML and OpenSAMLs dependencies) needs to be added as dependencies to the application that uses OIOSAML.java - old versions of these files needs to be deleted.4) When the application has been rebuild, the files are expected to be located under WEB-INF/lib - and it is recommended to verify that the new files are indeed part of the final build, and that any old versions are deleted. The demo-application bundled with OIOSAML.java can be used as a reference-point for this.NemLog-inService Providers connected to the NemLog-in IdP will receive information about this upgrade from the NemLog-in support in SKAT
Ønsker du at skrive indlæg eller blot kommentere indlæg,
skal du være oprettet som bruger og logget ind.
En ny fil vil overskrive en eksisterende fil, hvis begge filer har samme navn og samme ekstension.
- (kræver login)
Der er ikke tilknyttet tags fra andre brugere