tag:blogger.com,1999:blog-7391783704166348052.post5585010453441414078..comments2024-03-15T22:26:58.542-07:00Comments on Open Source Security: Two new security advisories released for Apache WSS4JColm O hEigeartaighhttp://www.blogger.com/profile/10711987281965801793noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-7391783704166348052.post-71637305931099256192016-01-04T02:37:23.998-08:002016-01-04T02:37:23.998-08:00"requireSignedEncryptedDataElements" is ..."requireSignedEncryptedDataElements" is set to false by default, so unless you are configuring it, it doesn't affect you. See: http://ws.apache.org/wss4j/config.html<br /><br />WSS4J 1.6.4 is quite old and has multiple security advisories, I recommend upgrading.Colm O hEigeartaighhttps://www.blogger.com/profile/10711987281965801793noreply@blogger.comtag:blogger.com,1999:blog-7391783704166348052.post-42376028769701072432015-12-28T21:50:13.843-08:002015-12-28T21:50:13.843-08:00what is the impact of 0227? how do i ensure i am u...what is the impact of 0227? how do i ensure i am using requireSignedEncryptedDataElements or not?<br />i am using wss4j 1.6.4weimahttps://www.blogger.com/profile/13250647442722796831noreply@blogger.com