Apache CXF 2.1.2 Release Notes


Apache CXF 2.1.2 delivers the latest set of patches and bug fixes for Apache CXF. This release fixes 67 JIRA issues that have been reported by users. For the complete list, see: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12313268&styleName=Html&projectId=12310511&Create=Create

Installation Prerequisites

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

  • Java 5 Development Kit
  • Apache ant 1.6

Java 5 Development Kit

You must install the J2SE Development Kit (JDK) 5.0, which can be downloaded


After installing the JDK, set or modify the following environment variables:

  • JAVA_HOME – set this environment variable
    to point at the root directory of the JDK 5.0 installation.
  • PATH – make sure that your PATH includes:
    %JAVA_HOME%\bin (Windows)
    $JAVA_HOME/bin (UNIX)

Apache Ant 1.6.5 (or newer, 1.7.0 should work as well)

To run samples included in the binary distribution of Apache CXF,
you must install the Apache Ant 1.6.5 build utility, which can be downloaded


After installing Apache Ant, add the <AntInstallDir>/bin directory to your PATH.

For more details, see the Installation Guide.

Bouncy Castle/JCE and Xalan requirement for WS-Security

To use the WS-Security features of CXF, you need to obtain a JCE crypto provider
that implements the algorithms that you plan to use. One option is to download
the Bouncy Castle jar from: http://bouncycastle.org/download/bcprov-jdk14-136.jar
and add that to the lib directory or classpath.

You also need to have xalan available as the xmlsec code has direct
dependencies on xalan. However, all recent versions of xalan (2.5.0 - 2.7.1)
have bugs in them that prevent the JAX-WS TCK from passing if it's on the
classpath. Specifically, reading an EndpointReference via
EndpointReference.readFrom(Source) may not result in an EndpointReference that
is completely usable as namespace declarations may be lost.

The latest version of the WSS4J library that is used to implement WS-Security
requires the opensaml jar to be on the classpath. This is different than previous
versions that only required it if doing SAML assertions. When upgrading
to CXF 2.1.2, you will need to add the opensaml jar to your application.

Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file
included with each sample.



The WS-Security configuration mechanisms may change between this release and
the next one as we add in support for WS-SecurityPolicy and WS-Trust.


2.1.2 upgrades the JAX-RS/JSR-311 support level to 0.8 from 0.6. This may cause
existing JAX-RS applications to fail. JAX-RS/JSR-311 is a work in progress and as
the specification changes, we'll be updating the implementation to keep track with
the specification.

Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
cxf dev list, cxf-dev@incubator.apache.org. You can also file issues in JIRA at:


  • No labels