On Friday, February 24, 2012 11:43:30 PM Willem Jiang wrote: > Hi, > > As you know CXF 2.5.3-SNAPSHOT is moving to use WSS4j 1.6.5-SNAPSHOT > I'm trying to install the WSS4J feature of CXF-2.5.3-SNAPSHOT, and I get > the complain about packages of xmlsec cannot be resolved. > > I compared the META-INF of the WSS4J 1.6.5-SNAPSHOT and WSS4j 1.6.4 and > found the imports package of xmlsec was changed from optional resolution > to [1.5, 2). > > Is there any reason to introduce these changes in WSS4J?
Yes. 1.5 is needed to provide some new algorithms and such to provide solutions for some potential vulnerabilities. > If it is necessary, we need to update the feature file to add the new > version of xmlsec dependency accordingly. Version 1.5.1 of xmlsec was just released this morning: http://s.apache.org/KJf Once that hit's central, we should update to use it. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
