This bundle exports org.apache.commons.ssl required by xmltooling (transitively via opensaml 2.6.6). The upstream library (not-yet-commons-ssl 0.3.9) has a known CVE. The vulnerable code path has been manually verified as not invoked by existing code. Export is intentionally restricted via x-friends to xmltooling only. Do not add Import-Package: org.apache.commons.ssl to any new bundle without a security review.

Latest Versions

1 versions โ†’
VersionVulnerabilitiesUsagesDate
0.3.x
0.3.9.wso2v1
1
Jun 13, 2026
1 versions โ†’