The Apache CXF team is proud to announce the availability of our latest patch releases! Over 30 JIRA issues were fixed for 3.3.5, many back ported to 3.2.12.This is mostly a patch release to fix problems and issues that users have encountered. Downloads
These releases contain fixes for two new security advisories:
- CVE-2019-17573: Apache CXF Reflected XSS in the services listing page
- CVE-2019-12423: Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore
Downloads are available here.
October 28, 2019 - Apache CXF 3.3.4 and 3.2.11 released!