A critical flaw has been discovered in the PKIX trust components that allows an X509 credential to be trusted in the special case where no trusted names are available for the given entityID. See External References for the complete details.

External References:

http://shibboleth.net/community/advisories/secadv_20150225.txt
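The failure mode described above, sketched as an added example that is not OpenSAML code and not part of the original report: a name check that reads an empty trusted-name set as "nothing to check" next to one that fails closed. All class, function and entity names are hypothetical, the sample data is constructed, and the real code path is the one documented in the linked advisory.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """Constructed stand-in for an X509 credential presented for an entityID."""
    entity_id: str
    cert_names: frozenset    # subject CN / subjectAltName values in the certificate
    path_valid: bool = True  # PKIX path validation result, assumed computed elsewhere


# Constructed sample: trusted names per entityID, as they might come from metadata.
TRUSTED_NAMES = {
    "https://idp.example.org/idp": {"idp.example.org"},
    "https://sp.example.org/sp": set(),  # entity known, no trusted names available
}


def name_check_permissive(cred, trusted_names):
    """Flawed pattern: an empty name set is treated as no constraint."""
    names = trusted_names.get(cred.entity_id, set())
    if not names:
        return True
    return bool(cred.cert_names & names)


def name_check_strict(cred, trusted_names):
    """Fail closed: with no trusted names for the entityID, nothing can match."""
    names = trusted_names.get(cred.entity_id, set())
    if not names:
        return False
    return bool(cred.cert_names & names)


def is_trusted(cred, trusted_names, name_check):
    # Trust needs both a valid path to an anchor and a name bound to the entityID.
    return cred.path_valid and name_check(cred, trusted_names)


def evaluate_samples(name_check):
    """Run four constructed credentials through the chosen name check."""
    other = frozenset({"other.example.net"})
    samples = {
        "match": Credential("https://idp.example.org/idp", frozenset({"idp.example.org"})),
        "mismatch": Credential("https://idp.example.org/idp", other),
        "no_names": Credential("https://sp.example.org/sp", other),
        "unknown_entity": Credential("https://unknown.example.org/x", other),
    }
    return {k: is_trusted(c, TRUSTED_NAMES, name_check) for k, c in samples.items()}
```

A regression test for a trust engine should include the `no_names` and `unknown_entity` cases, since those are the ones that differ between the two checks.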
Created opensaml-java tracking bugs for this issue:

Affects: fedora-all [bug 1196628]
This issue has been addressed in the following products:

Red Hat JBoss A-MQ 6.2.0

Via RHSA-2015:1177 https://rhn.redhat.com/errata/RHSA-2015-1177.html
This issue has been addressed in the following products:

Red Hat JBoss Fuse 6.2.0

Via RHSA-2015:1176 https://rhn.redhat.com/errata/RHSA-2015-1176.html