...
Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is WS-Federation Passive Requestor Profile. Fediz supports Claims Based Access Control beyond Role Based Access Control (RBAC).
News
August 28, 2015 - A new security advisory for Apache CXF Fediz is released
A security issue was fixed in the latest Fediz releases (1.2.1 + 1.1.3):
- CVE-2015-5175: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks
Please upgrade to the latest releases as soon as possible.
August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3 released!
...