...
The Apache CXF team is proud to announce the availability of our latest patch releases! Over 26 JIRA issues were fixed for 3.4.4, many back ported to 3.3.11.
These releases contain a fix for a security issue, please see the security advisories page for more information:
Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468)
Downloads are available here.
...