An update for xml-security is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2385 Final 1.0 1.0 2025-10-11 Initial 2025-10-11 2025-10-11 openEuler SA Tool V1.0 2025-10-11 xml-security security update An update for xml-security is now available for openEuler-22.03-LTS-SP3 The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fix(es): All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.(CVE-2023-44483) An update for xml-security is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium xml-security https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2385 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-44483 https://nvd.nist.gov/vuln/detail/CVE-2023-44483 openEuler-22.03-LTS-SP3 xml-security-2.3.5-1.oe2203sp3.noarch.rpm xml-security-demo-2.3.5-1.oe2203sp3.noarch.rpm xml-security-javadoc-2.3.5-1.oe2203sp3.noarch.rpm xml-security-2.3.5-1.oe2203sp3.src.rpm All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. 2025-10-11 CVE-2023-44483 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N xml-security security update 2025-10-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2385