...

After applying the patches below, WSO2 products correctly validate SAML responses and assertions in SAML consumer applications and avoid possible XML Signature Wrapping (XSW) attacks.

Apply the following patches based on your products by following the instructions in the README file.

If you have any questions, post them to security@wso2.com.

Please download the relevant patches for the products you use, following the matrix below. Patches can also be downloaded from http://wso2.com/security-patch-releases/.

 

| Code | Product | Version | Patch |
|---|---|---|---|
| APIM | WSO2 API Manager | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0327, WSO2-CARBON-PATCH-4.4.0-0365, WSO2-CARBON-PATCH-4.4.0-0366 |
| APIM Analytics | WSO2 API Manager Analytics | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0366 |
| APPM | WSO2 App Manager | 1.2.0 | WSO2-CARBON-PATCH-4.4.0-0326, WSO2-CARBON-PATCH-4.4.0-0327, WSO2-CARBON-PATCH-4.4.0-0365, WSO2-CARBON-PATCH-4.4.0-0339 |
| AS | WSO2 Application Server | 5.3.0 | WSO2-CARBON-PATCH-4.4.0-0354, WSO2-CARBON-PATCH-4.4.0-0347 |
| BPS | WSO2 Business Process Server | 3.5.1 | WSO2-CARBON-PATCH-4.4.0-0352 |
| BRS | WSO2 Business Rules Server | 2.2.0 | WSO2-CARBON-PATCH-4.4.0-0329 |
| CEP | WSO2 Complex Event Processor | 4.1.0 | WSO2-CARBON-PATCH-4.4.0-0329 |
| DAS | WSO2 Data Analytics Server | 3.0.1 | WSO2-CARBON-PATCH-4.4.0-0329, WSO2-CARBON-PATCH-4.4.0-0348 |
| DS | WSO2 Dashboard Server | 2.0.0 | WSO2-CARBON-PATCH-4.4.0-0329, WSO2-CARBON-PATCH-4.4.0-0331, WSO2-CARBON-PATCH-4.4.0-0355, WSO2-CARBON-PATCH-4.4.0-0340 |
| DSS | WSO2 Data Services Server | 3.5.0 | WSO2-CARBON-PATCH-4.4.0-0353 |
| EMM | WSO2 Enterprise Mobility Manager | 2.0.1 | WSO2-CARBON-PATCH-4.4.0-0329, WSO2-CARBON-PATCH-4.4.0-0331, WSO2-CARBON-PATCH-4.4.0-0355, WSO2-CARBON-PATCH-4.4.0-0358 |
| IS | WSO2 Identity Server | 5.1.0 | WSO2-CARBON-PATCH-4.4.0-0329, WSO2-CARBON-PATCH-4.4.0-0331, WSO2-CARBON-PATCH-4.4.0-0355 |
| MB | WSO2 Message Broker | 3.1.0 | WSO2-CARBON-PATCH-4.4.0-0353 |
| ML | WSO2 Machine Learner | 1.1.0 | WSO2-CARBON-PATCH-4.4.0-0353 |

 

...