USN-5525-1: Apache XML Security for Java vulnerability
20 July 2022
Apache XML Security for Java could be made to expose sensitive information.
- libxml-security-java - Apache XML Security for Java
It was discovered that Apache XML Security for Java incorrectly passed a
configuration property when creating specific key elements. This allows an
attacker to abuse an XPath Transform to extract sensitive information.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.