Apache · Apache Santuario Xml Security For Java · CVE-2023-44483
**Name of the Vulnerable Software and Affected Versions**
Apache Santuario - XML Security for Java versions prior to 2.2.6
Apache Santuario - XML Security for Java versions prior to 2.3.4
Apache Santuario - XML Security for Java versions prior to 3.0.3
**Description**
The issue is information disclosure through log files. When the JSR 105 API is used to generate an XML Signature with debug-level logging enabled, a private key may be disclosed in log files.
**Recommendations**
Upgrade to version 2.2.6, which fixes this issue.
Upgrade to version 2.3.4, which fixes this issue.
Upgrade to version 3.0.3, which fixes this issue.
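One way to check whether a deployment meets the debug-logging condition from the Description is the added example below, which is not part of the original advisory or the Santuario project. It assumes the application logs through Logback, and the two logger-name prefixes are assumptions about where the library's loggers live. It resolves each logger's effective level through the logger hierarchy, so a broad parent logger or an unset root level is caught as well.

```python
import xml.etree.ElementTree as ET

# Assumption: logger-name prefixes of the Santuario core and its JSR 105
# implementation; adjust if your build relocates (shades) these packages.
SANTUARIO_PREFIXES = ("org.apache.xml.security", "org.apache.jcp.xml.dsig.internal")
VERBOSE = {"DEBUG", "TRACE", "ALL"}

def _configured_levels(config_xml):
    """Return ({logger name: level}, root level) from a logback.xml string."""
    doc = ET.fromstring(config_xml)
    levels = {}
    for el in doc.iter("logger"):
        level = (el.get("level") or "").upper()
        if el.get("name") and level not in ("", "INHERITED", "NULL"):
            levels[el.get("name")] = level
    root = doc.find("root")
    # Logback's root logger defaults to DEBUG when no level is set.
    root_level = (root.get("level") if root is not None else None) or "DEBUG"
    return levels, root_level.upper()

def effective_level(levels, root_level, name):
    """Walk up the dotted logger hierarchy to the nearest configured ancestor."""
    while name:
        if name in levels:
            return levels[name]
        name = name.rpartition(".")[0]
    return root_level

def verbose_santuario_loggers(config_xml):
    """Return {logger: level} for Santuario loggers that would emit debug output."""
    levels, root_level = _configured_levels(config_xml)
    below = tuple(p + "." for p in SANTUARIO_PREFIXES)
    candidates = set(SANTUARIO_PREFIXES) | {n for n in levels if n.startswith(below)}
    resolved = {n: effective_level(levels, root_level, n) for n in sorted(candidates)}
    # "${...}" is an unresolved variable: flag it for manual review.
    return {n: lv for n, lv in resolved.items() if lv in VERBOSE or lv.startswith("${")}

# Constructed sample: root is INFO, but a broad "org.apache" logger re-enables DEBUG.
SAMPLE = """<configuration>
  <logger name="org.apache" level="DEBUG"/>
  <logger name="org.apache.xml.security" level="WARN"/>
  <root level="INFO"/>
</configuration>"""

if __name__ == "__main__":
    print(verbose_santuario_loggers(SAMPLE))
```

An empty result means no checked logger resolves to a verbose level in that file; it does not replace the upgrade listed under Recommendations.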