Apache CXF™ is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.
December 13, 2022 - Apache CXF 3.5.5 and 3.4.
The Apache CXF team is proud to announce the availability of our latest patch releases! Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs were issued for vulnerabilities fixed in these releases:
- CVE-2022-46363: Apache CXF directory listing / code exfiltration
- CVE-2022-46364: Apache CXF SSRF Vulnerability
Downloads are available here.