[ https://issues.apache.org/jira/browse/CXF-8835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-8835:
-------------------------------------
    Fix Version/s: 3.5.6
                       (was: 3.5.5)

> Upgrade to Spring 5.3.26
> ------------------------
>
>                 Key: CXF-8835
>                 URL: https://issues.apache.org/jira/browse/CXF-8835
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Ashok Pai
>            Priority: Major
>             Fix For: 3.5.6
>
>
> Spring framework contains a security bypass vulnerability when {{**}} is used
> as a pattern in Spring Security configuration with the {{mvcRequestMatcher}}
> component. The potential for security bypass exists due to the mismatch in
> pattern matching between Spring Security and Spring MVC and this has been
> fixed in 5.3.26.
> Apache cxf 3.5.5 is present with spring version 5.3.22. Please provide
> updated Apache CXF with latest (5.3.26) spring framework jars/classes.
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)